| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source |
|---|---|---|---|---|---|---|---|---|---|
| Analytics | 1.7 and earlier | unfixed | analytic | Remote Code Execution | plugin removed from repository | Remove Immediately | Plugin |  | https://www.pluginvulnerabilities.com/2017/04/11/vulnerability-details-remote-code-execution-rce-vulnerability-in-analytic/ |
| Car Rental | 1.0.4 and earlier | unfixed | car-rental | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/car-rental/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Custom Admin Page | 0.1.1 and earlier | unfixed | custom-admin-page | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/custom-admin-page/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Donate | 2.1.1 and earlier | unfixed | donate-button | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/donate-button/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Error Log Viewer | 1.0.5 and earlier | unfixed | error-log-viewer | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/error-log-viewer/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Featured Posts | 1.0.0 and earlier | unfixed | bws-featured-posts | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-featured-posts/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Gallery | 4.5.0 and earlier | unfixed | gallery-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/gallery-plugin/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google +1 | 1.3.3 and earlier | unfixed | google-one | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/google-one/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google Maps | 1.3.5 and earlier | unfixed | bws-google-maps | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-google-maps/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google Shortlink | 1.5.3 and earlier | unfixed | google-shortlink | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/google-shortlink/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google Sitemap | 3.0.8 and earlier | unfixed | google-sitemap-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/google-sitemap-plugin/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Job Board | 1.1.4 and earlier | unfixed | job-board | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/job-board/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Latest Posts | 0.2 and earlier | unfixed | bws-latest-posts | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-latest-posts/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Limit Attempts | 1.1.8 and earlier | unfixed | limit-attempts | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/limit-attempts/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
|  | 1.0.4 and earlier | unfixed | bws-linkedin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-linkedin/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Multilanguage | 1.2.3 and earlier | unfixed | multilanguage | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/multilanguage/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
|  | 1.0.4 and earlier | unfixed | bws-pinterest | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-pinterest/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Post to CSV | 1.3.1 and earlier | unfixed | post-to-csv | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/post-to-csv/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Profile Extra Fields | 1.0.7 and earlier | unfixed | profile-extra-fields | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/profile-extra-fields/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| PromoBar | 1.1.0 and earlier | unfixed | promobar | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/promobar/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Quotes and Tips | 1.32 and earlier | unfixed | quotes-and-tips | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/quotes-and-tips/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Rating | 0.1 and earlier | unfixed | rating-bws | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/rating-bws/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Re-attacher | 1.0.9 and earlier | unfixed | re-attacher | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/re-attacher/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Reality | 1.0.9 and earlier | unfixed | realty | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/realty/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Relevant - Related | 1.1.9 and earlier | unfixed | relevant | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/relevant/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Social Buttons Pack | 1.1.0 and earlier | unfixed | social-buttons-pack | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/social-buttons-pack/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Testimonials | 0.1.8 and earlier | unfixed | bws-testimonials | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-testimonials/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Timesheet | 0.1.4 and earlier | unfixed | timesheet | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/timesheet/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Twitter Button | 2.54 and earlier | unfixed | twitter-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/twitter-plugin/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Updater | 1.34 and earlier | unfixed | updater | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/updater/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Visitors Online | 0.9 and earlier | unfixed | visitors-online | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/visitors-online/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Zendesk Help Center | 1.0.4 and earlier | unfixed | zendesk-help-center | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/zendesk-help-center/ | Remove until update available | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Duplicate Post | 3.1 and earlier | 3.2 | duplicate-post | Authenticated Information Disclosure | https://wordpress.org/plugins/duplicate-post/ | Update | Plugin |  | Plugin Changelog |
| Social Login | 0.1 and earlier | 0.2 | social-login-bws | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/social-login-bws/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Popular Posts | 1.0.4 and earlier | 1.0.5 | bws-popular-posts | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-popular-posts/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Pagination | 1.0.6 and earlier | 1.0.7 | pagination | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/pagination/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Gallery Categories | 1.0.8 and earlier | 1.0.9 | gallery-categories | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/gallery-categories/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| SMTP | 1.0.9 and earlier | 1.1.0 | bws-smtp | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-smtp/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Email Queue | 1.1.1 and earlier | 1.1.2 | email-queue | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/email-queue/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Contact Form Multi | 1.2.0 and earlier | 1.2.1 | contact-form-multi | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/contact-form-multi/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Sender | 1.2.0 and earlier | 1.2.1 | sender | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/sender/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google Captcha | 1.27 and earlier | 1.28 | google-captcha | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/google-captcha/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Custom Fields Search | 1.3.1 and earlier | 1.3.2 | custom-fields-search | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/custom-fields-search/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Subscriber | 1.3.4 and earlier | 1.3.5 | subscriber | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/subscriber/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Custom Search | 1.35 and earlier | 1.36 | custom-search-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/custom-search-plugin/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google AdSense | 1.43 and earlier | 1.44 | adsense-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/adsense-plugin/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Calendar by WD / Spider Event Calendar | 1.5.51 and earlier | 1.5.52 | spider-event-calendar | Authenticated Blind SQL Injection | https://wordpress.org/plugins/spider-event-calendar/ | Update | Plugin |  | http://seclists.org/fulldisclosure/2017/Apr/43 |
| User Role | 1.5.5 and earlier | 1.5.6 | user-role | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/user-role/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Contact Form to DB | 1.5.6 and earlier | 1.5.7 | contact-form-to-db | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/contact-form-to-db/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Tribulant Slideshow Gallery | 1.6.5 and earlier | 1.6.6 | slideshow-gallery | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/slideshow-gallery/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gallery_Plugin_Advisory.pdf |
| Google Analytics | 1.7.0 and earlier | 1.7.1 | bws-google-analytics | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-google-analytics/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Htaccess | 1.7.5 and earlier | 1.7.6 | htaccess | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/htaccess/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| PDF & Print | 1.9.3 and earlier | 1.9.4 | pdf-print | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/pdf-print/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| WP Statistics | 12.0.4 and earlier | 12.0.5 | wp-statistics | Reflected Cross-Site Scripting | https://wordpress.org/plugins/wp-statistics/ | Update | Plugin |  | http://jvn.jp/en/jp/JVN17633442/index.html |
| Gallery – Video Gallery and Youtube Gallery | 2.1.0 and earlier | 2.1.1 | gallery-video | Authenticated SQL Injection | https://wordpress.org/plugins/gallery-video/ | Update |  |  | Plugin Changelog |
| Portfolio | 2.39 and earlier | 2.40 | portfolio | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/portfolio/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Facebook Button | 2.53 and earlier | 2.54 | facebook-button-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/facebook-button-plugin/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| CopySafe Web Protection | 2.5 and earlier | 2.6 | wp-copysafe-web | Cross-Site Request Forgery | https://wordpress.org/plugins/wp-copysafe-web/ | Update | Plugin |  | http://seclists.org/fulldisclosure/2017/Apr/42 |
| Contact Form | 4.0.5 and earlier | 4.0.6 | contact-form-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/contact-form-plugin/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Captcha | 4.2.9 and earlier | 4.3.0 | captcha | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/captcha/ | Update | Plugin |  | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |