The safe input case is true in some rare circumstances. Review those vulnerabilities in this report now to ensure your site is not affected. which may result in unsafe Deserialization. WAF-RULE-600 Data redacted while we work with the developer to ensure the vulnerability gets patched. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 Arbitrary File Upload in File Manager, ReviewX <= 1.6.13 Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation, miniorange-login-with-eve-online-google-facebook, woocommerce-product-category-selection-widget, Unlimited Elements For Elementor (Free Widgets, Addons, Templates), https://wordfence.com/threat-intel/vulnerabilities/id/9a09102c-391e-4057-b883-3d2eef1671ce, WooCommerce Follow-Up Emails <= 4.9.40 Authenticated Arbitrary File Upload in Template Editing, https://wordfence.com/threat-intel/vulnerabilities/id/a169934d-17ce-4d34-be00-c5ac0b488066, Leyka <= 3.30 Privilege Escalation via Admin Password Reset, https://wordfence.com/threat-intel/vulnerabilities/id/0152bcc9-6d24-4475-848d-71fe88aa7e2a, Recently Viewed Products <= 1.0.0 Unauthenticated PHP Object Injection, https://wordfence.com/threat-intel/vulnerabilities/id/46f31a60-0a0e-449d-a10a-3cafd0492a9c, MStore API <= 3.9.1 Authentication Bypass, https://wordfence.com/threat-intel/vulnerabilities/id/5881d16c-84e8-4610-8233-cfa5a94fe3f9, MStore API <= 3.9.2
Authentication Bypass, https://wordfence.com/threat-intel/vulnerabilities/id/f00761a7-fe24-49a3-b3e3-a471e05815c1, LearnDash LMS <= 4.5.3 Authenticated (Contributor+) SQL Injection, https://wordfence.com/threat-intel/vulnerabilities/id/40a57493-b99b-4e71-8603-e668c6283a5a, Contact Form Entries <= 1.3.0 Authenticated (Contributor+) SQL Injection via shortcode, Contact Form Entries Contact Form 7, WPforms and more, https://wordfence.com/threat-intel/vulnerabilities/id/4b475ada-3b31-40a3-9a81-5a7b1a1e190a, OAuth Single Sign On SSO (OAuth Client) <= 6.23.3 Missing Authorization, OAuth Single Sign On SSO (OAuth Client), https://wordfence.com/threat-intel/vulnerabilities/id/5d166a77-d57b-4827-96ca-b8eb423861f0, SupportCandy <= 3.1.6 Authenticated (Subscriber+) SQL Injection, SupportCandy Helpdesk & Support Ticket System, https://wordfence.com/threat-intel/vulnerabilities/id/c1d2b6bd-a75a-4a07-b2f0-8ec206d41211, Go Pricing WordPress Responsive Pricing Tables <= 3.3.19 Authenticated (Subscriber+) PHP Object Injection, Go Pricing WordPress Responsive Pricing Tables, https://wordfence.com/threat-intel/vulnerabilities/id/f7686b11-97a8-4f09-bbfa-d77120cc35b7, Easy Captcha <= 1.0 Missing Authorization via easy_captcha_update_settings, https://wordfence.com/threat-intel/vulnerabilities/id/8efe2ccf-33cb-4db3-bc3d-ead826adb7d0, Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.3 Authenticated (Admin+) SQL Injection, Integration for Contact Form 7 and Zoho CRM, Bigin, https://wordfence.com/threat-intel/vulnerabilities/id/0b4e6dae-f38c-4f5b-ae1d-cf998946c675, QueryWall <= 1.1.1 Authenticated (Administrator+) SQL Injection, https://wordfence.com/threat-intel/vulnerabilities/id/306c98ad-0d42-4ad5-b82a-bf4579865aa9, Slider Revolution <= 6.6.12 Authenticated (Administrator+) Arbitrary File Upload, https://wordfence.com/threat-intel/vulnerabilities/id/4fa00dae-c51d-4586-81da-b568cd6d8124, SupportCandy <= 3.1.6 Authenticated (Admin+) SQL Injection, 
https://wordfence.com/threat-intel/vulnerabilities/id/75f01eb4-5d53-441d-9bee-e97857dadaf9, SIS Handball <= 1.0.45 Authenticated (Administrator+) SQL Injection via orderby, https://wordfence.com/threat-intel/vulnerabilities/id/cabdc9db-2d1c-4390-a4b7-65648ef9f16a, Multiple Page Generator Plugin MPG <= 3.3.19 Authenticated (Administrator+) SQL Injection in projects_list and total_projects, https://wordfence.com/threat-intel/vulnerabilities/id/d18d800b-647f-4706-9ec1-a8ea4e643965, WooCommerce Follow-Up Emails <= 4.9.50 Authenticated (Follow-up emails manager+) SQL Injection, https://wordfence.com/threat-intel/vulnerabilities/id/dc5276e2-e9de-4409-bbe0-4d0b37244367, WooCommerce Product Vendors <= 2.1.76 Authenticated (Vendor admin+) SQL Injection, https://wordfence.com/threat-intel/vulnerabilities/id/ed8f8984-bea6-44aa-9bde-5b40b455767f, WooCommerce Warranty Requests <= 2.1.6 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/1665fda6-005d-42ba-883d-2e3ad7abe0ba, Go Pricing WordPress Responsive Pricing Tables <= 3.3.19 Improper Authorization to Arbitrary File Upload, https://wordfence.com/threat-intel/vulnerabilities/id/477c6fa2-16a8-4461-b4d4-d087e13e3ca7, User Activity Log <= 1.6.1 Authenticated(Administrator+) SQL Injection via txtsearch, https://wordfence.com/threat-intel/vulnerabilities/id/17a787da-5630-42ec-b5b0-47435db765a7, WIP Custom Login <= 1.2.9 Cross-Site Request Forgery via save_option, https://wordfence.com/threat-intel/vulnerabilities/id/15b93e63-5ef2-4fb1-8c6b-28fcfab8e34d, BEAR <= 1.1.3.1 Cross-Site Request Forgery via Multiple Functions, BEAR Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net, https://wordfence.com/threat-intel/vulnerabilities/id/a7e3818c-883f-4633-a460-a8c0446edffc, WP EasyCart <= 5.4.8 Cross-Site Request Forgery via process_bulk_delete_product, https://wordfence.com/threat-intel/vulnerabilities/id/b36e94e4-b1e8-4803-9377-c4d710b029de, WP EasyCart <= 5.4.8 Cross-Site 
Request Forgery via process_delete_product, https://wordfence.com/threat-intel/vulnerabilities/id/bcca7ade-8b35-4ba1-a8b4-b1e815b025e3, Go Pricing WordPress Responsive Pricing Tables <= 3.3.19 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode, https://wordfence.com/threat-intel/vulnerabilities/id/1c3d4c96-63a7-4f3b-a9ac-095be241f840, Google Map Shortcode <= 3.1.2 Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode, https://wordfence.com/threat-intel/vulnerabilities/id/2f6656e2-35f5-41d8-a330-7904c296ba29, Contact Form Entries <= 1.3.0 Authenticated (Contributor+) Stored Cross-Site Scripting via vx-entries shortcode, https://wordfence.com/threat-intel/vulnerabilities/id/51986a76-933b-4c25-af79-d0c3f9e1d513, SlideOnline <= 1.2.1 Authenticated (Contributor+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/778e2191-d764-44a1-9f52-9698e9183fd2, Yoast SEO: Local <= 14.9 Authenticated (Contributor+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/cb6457ea-6353-4a69-ad72-cd5acd47ed8c, Responsive Tabs For WPBakery Page Builder <= 1.1 Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode, Responsive Tabs For WPBakery Page Builder (formerly Visual Composer), https://wordfence.com/threat-intel/vulnerabilities/id/d1c3ddae-046a-4080-ac2b-90fb89fbff7b, Duplicator Pro <= 4.5.11 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/1426bebe-d3c4-4f83-9b50-fae8c2373209, EventPrime <= 2.8.6 Reflected Cross-Site Scripting, EventPrime Modern Events Calendar, Bookings and Tickets, https://wordfence.com/threat-intel/vulnerabilities/id/22479c6a-83ea-4c09-b192-4384ffbdcbf7, WooCommerce Follow-Up Emails <= 4.9.40 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/4487391e-baa4-4320-a23d-b52a42e2de90, This Day In History <= 3.10.1 Reflected Cross-Site Scripting, 
https://wordfence.com/threat-intel/vulnerabilities/id/4b88a8a9-d3e1-4c21-a4e8-d9afa34d7a2e, Conditional Menus <= 1.2.0 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/57d3506c-8db8-4e1b-9587-7f2bdb632890, WP-Hijri <= 1.5.1 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/67aaf9fa-e92b-42f2-94ac-f27c5d073002, Multiple Wow-Company Plugins (Various Versions) Reflected Cross-Site Scripting via page parameter, Herd Effects fake notifications and social proof plugin, Side Menu Lite add sticky fixed buttons, Sticky Buttons floating buttons builder, Counter Box WordPress plugin for countdown, timer, counter, WP Coder add custom html, css and js code, https://wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33, WooCommerce Product Categories Selection Widget <= 2.0 Reflected Cross-Site Scripting, WooCommerce Product Categories Selection Widget, https://wordfence.com/threat-intel/vulnerabilities/id/8f68c70b-9fde-43a6-8a7c-00938aa0e109, WooCommerce Product Vendors <= 2.1.76 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/a93c0dd4-8341-438d-8730-470e9a230d97, Rank Math SEO PRO <= 3.0.35 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/b4ec9001-c4aa-4db3-b7d7-29afa243f78a, Leyka <= 3.30 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/baf54eb2-0b29-4718-a994-f722cefd7317, Easy Captcha <= 1.0 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/cd73cf64-289d-4401-bef7-9a4398a85055, Front End Users <= 3.2.25 Unauthenticated Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/e076e054-6a0b-4c08-b0cc-bd3a5b0751e5, IP Metaboxes <= 2.1.1 Reflected Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/f611d609-97c5-4b77-9657-c8d9d10e786a, WooCommerce Shipping & Tax <= 2.2.4 Stored Cross-Site 
Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/57156ebc-2858-4295-ba08-57bcab6db229, Easy Google Maps <= 1.11.7 Cross-Site Request Forgery via AJAX action, https://wordfence.com/threat-intel/vulnerabilities/id/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05, Elementor <= 3.13.2 Authenticated(Contributor+) Arbitrary Post Type Creation via save_item, Elementor Website Builder More than Just a Page Builder, https://wordfence.com/threat-intel/vulnerabilities/id/525cb51c-23f1-446f-a247-0f69ec5029d8, IP Metaboxes <= 2.1.1 Unauthenticated Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/9163861b-735b-4007-97f7-8f9095d93ec9, Uncanny Automator <= 4.14 Cross-Site Request Forgery via update_automator_connect, Uncanny Automator Automate everything with the #1 no-code Automation tool for WordPress, https://wordfence.com/threat-intel/vulnerabilities/id/bd0d8661-4725-41dd-88ce-8e94e285d5b8, Tutor LMS <= 2.1.10 Missing Authorization via multiple AJAX actions, Tutor LMS eLearning and online course solution, https://wordfence.com/threat-intel/vulnerabilities/id/bf16617d-cec2-4943-bd20-7ade31878714, Easy Google Maps <= 1.11.7 Cross-Site Request Forgery, https://wordfence.com/threat-intel/vulnerabilities/id/ee52c6c0-c69e-46c4-9e4b-94aa69c00737, EventPrime <= 2.8.6 Sensitive Information Exposure, https://wordfence.com/threat-intel/vulnerabilities/id/1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85, Download Theme <= 1.0.9 Cross-Site Request Forgery via dtwap_download(), https://wordfence.com/threat-intel/vulnerabilities/id/50ca7cf8-bb47-42ea-badc-8bfe0328cbb0, SKU Label Changer For WooCommerce <= 3.0 Missing Authorization, https://wordfence.com/threat-intel/vulnerabilities/id/793594f7-6325-4561-ad74-a08aebc20c53, Button Generator easily Button Builder <= 2.3.5 Cross-Site Request Forgery, https://wordfence.com/threat-intel/vulnerabilities/id/af803612-96ae-41ee-8ad3-8f9319b147e8, WS Form LITE Drag & Drop Contact Form Builder for WordPress, 
https://wordfence.com/threat-intel/vulnerabilities/id/d99f81ea-1e74-4b67-a6c5-3dbc7865a68a, Upload Resume <= 1.2.0 Captcha Bypass via resume_upload_form, https://wordfence.com/threat-intel/vulnerabilities/id/fc0acff9-6852-4ecb-84f9-98a15dd30fc6, Unite Gallery Lite <= 1.7.59 Authenticated(Administrator+) Local File Inclusion via view parameter, https://wordfence.com/threat-intel/vulnerabilities/id/0c2925c1-f5c6-45b9-bc61-96f325c0372f, WordPress File Upload / WordPress File Upload Pro <= 4.19.1 Authenticated (Administrator+) Path Traversal, https://wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d, Go Pricing WordPress Responsive Pricing Tables <= 3.3.19 Missing Authorization to Limited Privilege Granting, https://wordfence.com/threat-intel/vulnerabilities/id/5779914a-a168-4835-8aea-e0ab2b3be4f6, AI ChatBot <= 4.5.4 Authenticated (Administrator+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/114bd025-74c5-40a2-82e8-5947497fc836, WordPress File Upload / WordPress File Upload Pro <= 4.19.1 Authenticated (Administrator+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248, Custom Post Type Generator <= 2.4.2 Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings, https://wordfence.com/threat-intel/vulnerabilities/id/23a2b1ac-2183-48ae-8376-fb950fe83fd9, QuBotChat <= 1.1.5 Authenticated(Administrator+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/45f98c00-0bfd-405e-a6b3-581841d803de, File Renaming on Upload <= 2.5.1 Authenticated (Admin+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/550c3f56-d188-4be1-82cd-db076c09cf61, WP-Piwik <= 1.0.27 Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Display Name, https://wordfence.com/threat-intel/vulnerabilities/id/68a520bb-261a-43f0-993d-de208035afe5, Novelist <= 1.2.0 
Authenticated (Administrator+) Stored Cross-Site Scripting via Book Information Fields, https://wordfence.com/threat-intel/vulnerabilities/id/6b8f64ed-abf8-4a8b-b32f-75afeaccea5c, Video Contest WordPress Plugin <= 3.2 Authenticated (Administrator+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/86079059-11c7-4545-b254-6bf524367b46, MailChimp Subscribe Forms <= 4.0.9.1 Authenticated (Administrator+) Stored Cross-Site Scripting, MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder, https://wordfence.com/threat-intel/vulnerabilities/id/86f6e8b8-ebfd-4d9f-a285-9d0aa2e961ff, AI ChatBot <= 4.5.5 Authenticated (Administrator+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/9df97805-b425-49b1-86c1-e66213dacd2b, Easy Admin Menu <= 1.3 Authenticated (Administrator+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/fefab999-12e0-4866-a5a2-60f8faa64f89, WP EasyCart <= 5.4.8 Cross-Site Request Forgery via process_bulk_activate_product, https://wordfence.com/threat-intel/vulnerabilities/id/02fd8469-cd99-42dc-9a28-c0ea08512bb0, WP EasyCart <= 5.4.8 Cross-Site Request Forgery via process_duplicate_product, https://wordfence.com/threat-intel/vulnerabilities/id/041830b8-f059-46f5-961b-3ba908d161f9, WP EasyCart <= 5.4.8 Cross-Site Request Forgery via process_deactivate_product, https://wordfence.com/threat-intel/vulnerabilities/id/1268604c-08eb-4d86-8e97-9cdaa3e19c1f, YouTube Playlist Player <= 4.6.4 Cross-Site Request Forgery in ytpp_settings, https://wordfence.com/threat-intel/vulnerabilities/id/39aed7e9-05c6-4251-b489-de7a33ed2c2e, WooCommerce Follow-Up Emails <= 4.9.40 Cross-Site Request Forgery, https://wordfence.com/threat-intel/vulnerabilities/id/4fee61cd-7359-4193-8cf2-86e0527a8ef1, WP Tiles <= 1.1.2 Cross-Site Request Forgery, https://wordfence.com/threat-intel/vulnerabilities/id/52876909-3d2a-480d-9c47-39e96d088ff3, Video Contest WordPress Plugin <= 3.2 
Cross-Site Request Forgery, https://wordfence.com/threat-intel/vulnerabilities/id/597fe53e-769e-4edd-b0b9-2bd2cff50da6, Flickr Justified Gallery <= 3.5 Cross-Site Request Forgery via fjgwpp_settings(), https://wordfence.com/threat-intel/vulnerabilities/id/76a1d39e-8d69-4507-b75c-d376a2122d15, Abandoned Cart Lite for WooCommerce <= 5.14.1 Cross-Site Request Forgery via delete_expired_used_coupon_code, https://wordfence.com/threat-intel/vulnerabilities/id/a1e51a99-f5d4-47d4-bead-00ca1f5f72c2, Custom Twitter Feeds (Tweets Widget) <= 1.8.4 Cross-Site Request Forgery, https://wordfence.com/threat-intel/vulnerabilities/id/a5a5f8c2-3fd6-4d31-a3b5-60bdb8c18491, WP EasyCart <= 5.4.8 Cross-Site Request Forgery via process_bulk_deactivate_product, https://wordfence.com/threat-intel/vulnerabilities/id/a68b8df9-9b50-4617-9308-76a2a9036d7a, WordPress Backup & Migration <= 1.4.0 Missing Authorization via wt_delete_schedule, https://wordfence.com/threat-intel/vulnerabilities/id/ce978334-42e1-4334-a2d1-c3966339e4fc, Product Gallery Slider for WooCommerce <= 2.2.8 Cross-Site Request Forgery, https://wordfence.com/threat-intel/vulnerabilities/id/df911497-8504-424e-8717-42d0bb6c90f1, Abandoned Cart Lite for WooCommerce <= 5.14.1 Cross-Site Request Forgery via ts_reset_tracking_setting, https://wordfence.com/threat-intel/vulnerabilities/id/e743e656-2dd9-43ed-a190-b03af7c75c54, JetFormBuilder <= 3.0.6 Cross-Site Request Fogery via do_admin_action, JetFormBuilder Dynamic Blocks Form Builder, https://wordfence.com/threat-intel/vulnerabilities/id/f37c4b2c-6f41-46b5-8427-b1883b39322e, UTM Tracker <= 1.3.1 Authenticated (Administrator+) Stored Cross-Site Scripting, https://wordfence.com/threat-intel/vulnerabilities/id/077ec165-edd3-4c2c-b1ea-01ca5b80f779, Improper Neutralization of Input During Web Page Generation (Cross-site Scripting), Improper Neutralization of Special Elements used in an SQL Command (SQL Injection), Unrestricted Upload of File with Dangerous Type, Improper Limitation of 
a Pathname to a Restricted Directory (Path Traversal), Authentication Bypass Using an Alternate Path or Channel, Authorization Bypass Through User-Controlled Key, Client-Side Enforcement of Server-Side Security.
