The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible...
CVSS: 7.2 | AI Score: 5.2 | EPSS: 0.001
The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVSS: 4.7 | AI Score: 4.6 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on...
CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.003
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as...
CVSS: 6.3 | AI Score: 4.5 | EPSS: 0.001
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on...
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.001
Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on...
CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002
Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on...
CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.001
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on...
CVSS: 8.8 | AI Score: 9 | EPSS: 0.001
Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and...
CVSS: 4.8 | AI Score: 5 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on...
CVSS: 9.1 | AI Score: 9.2 | EPSS: 0.001
Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on...
CVSS: 4.9 | AI Score: 5 | EPSS: 0.001
Sensitive Information Disclosure vulnerability discovered in Quiz And Survey Master plugin <= 7.3.10 on...
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.002
Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on...
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on...
CVSS: 7.2 | AI Score: 6.9 | EPSS: 0.001
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on...
CVSS: 10 | AI Score: 9.6 | EPSS: 0.003
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on...
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking...
CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on...
CVSS: 8.8 | AI Score: 9 | EPSS: 0.001
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on...
CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on...
CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on...
CVSS: 4.8 | AI Score: 4.8 | EPSS: 0.001
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
CVSS: 6.5 | AI Score: 5.2 | EPSS: 0.001
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on...
CVSS: 5.4 | AI Score: 5.4 | EPSS: 0.001
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on...
CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on...
CVSS: 8.8 | AI Score: 8.4 | EPSS: 0.001
Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on...
CVSS: 4.3 | AI Score: 4.1 | EPSS: 0.001
Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on...
CVSS: 5.4 | AI Score: 4.7 | EPSS: 0.001
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on...
CVSS: 9.8 | AI Score: 8.4 | EPSS: 0.016
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on...
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation...
CVSS: 4.3 | AI Score: 4.5 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on...
CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on...
CVSS: 4.8 | AI Score: 4.8 | EPSS: 0.001
Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on...
CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on...
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.001
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on...
CVSS: 4.8 | AI Score: 4.8 | EPSS: 0.001