These submissions have been marked as vulnerable due to potential security issues with the plugin. This list contains the name of the plugin, the author and a short description regarding its vulnerability. Please bear in mind that the sole purpose of this page is to inform users to avoid these plugins and to help authors address these issues.

Vulnerable Submissions

Trash Bin

by 0xB9 Version: 1.1.4 38 Downloads 2021-01-21, 08:29 PM

Staff Notes:

CSRF vulnerable

Trending Widget

by Zain Ali Version: 1.2 183 Downloads 2021-01-29, 04:08 PM

Staff Notes:

XSS

Conversations System v1.0

by AmazOuz Version: 1 231 Downloads 2019-01-05, 01:11 PM

Staff Notes:

Surprisily, its true.. - Omar

Spoiler MyCode

by Chris Lovett Version: 1.0 304 Downloads 2021-03-09, 02:16 PM

Staff Notes:

malicious code in the plugin file

Thread Redirect

by Jamie S Version: 0.2.1 273 Downloads 2019-01-05, 12:31 AM

Staff Notes:

Latest Posts on Profile

by fizz Version: 1.1 791 Downloads 2018-05-12, 03:21 PM

Staff Notes:

XSS Vulnerability.

External Redirect Warning

by spork985 Version: 1.3 939 Downloads 2021-03-23, 02:13 PM

Staff Notes:

redirect page `url` parameter XSS vulnerability

Ban List

by Paul H. Version: 1.0 1659 Downloads 2018-12-10, 05:31 PM

Staff Notes:

Database output is not cleaned. Serpius reported a separate issue and I found this while looking at that. Simply needs to use htmlspecialchars_uni() on user info...

Related Threads

by User 12076 Version: 1.0.1 2559 Downloads 2020-01-21, 10:53 PM

Staff Notes:

Thread name XSS

Export User (GDPR/DSGVO)

by Fontane Version: V2.0 139 Downloads 2022-12-05, 01:32 PM

Staff Notes: