Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6...
CVSS: 7.1 | AI Score: 6.1 | EPSS: 0.0005
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1...
CVSS: 5.9 | AI Score: 4.8 | EPSS: 0.0004
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <= 2.2.1...
CVSS: 7.1 | AI Score: 6 | EPSS: 0.0005
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16...
CVSS: 7.1 | AI Score: 6 | EPSS: 0.0005
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6...
CVSS: 7.1 | AI Score: 6 | EPSS: 0.0005
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16...
CVSS: 7.1 | AI Score: 6.3 | EPSS: 0.001
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3...
CVSS: 6.5 | AI Score: 5.4 | EPSS: 0.0005
Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...
CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.001
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated...
CVSS: 7.2 | AI Score: 6.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39...
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...
CVSS: 9.9 | AI Score: 9.5 | EPSS: 0.003
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an export of the top 10.....
CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.001
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger a CSV export via a....
CVSS: 4.3 | AI Score: 4.5 | EPSS: 0.001
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that.....
CVSS: 7.2 | AI Score: 5.9 | EPSS: 0.001
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpep_download_transaction_in_excel() function. This makes it possible for unauthenticated...
CVSS: 4.3 | AI Score: 4.3 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5...
CVSS: 6.5 | AI Score: 6.6 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1...
CVSS: 6.5 | AI Score: 6.9 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for...
CVSS: 4.3 | AI Score: 4.3 | EPSS: 0.001
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(),....
CVSS: 8.8 | AI Score: 8.2 | EPSS: 0.001
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save...
CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.001
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for...
CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.001
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via.....
CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.001
The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for...
CVSS: 4.3 | AI Score: 4.3 | EPSS: 0.001
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This...
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.012
The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVSS: 4.8 | AI Score: 4.7 | EPSS: 0.001
The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1...
CVSS: 5.9 | AI Score: 4.9 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7...
CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting...
CVSS: 7.1 | AI Score: 6.2 | EPSS: 0.0005
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20...
CVSS: 5.9 | AI Score: 5 | EPSS: 0.0005
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and...
CVSS: 6.5 | AI Score: 6.6 | EPSS: 0.001
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7...
CVSS: 6.5 | AI Score: 5.3 | EPSS: 0.0005
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9...
CVSS: 5.9 | AI Score: 4.8 | EPSS: 0.001
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5...
CVSS: 7.1 | AI Score: 6 | EPSS: 0.001
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as...
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.001
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress Старт plugin <= 3.7...
CVSS: 5.9 | AI Score: 4.8 | EPSS: 0.0005
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers.....
CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.001
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.001
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in...
CVSS: 4.9 | AI Score: 5.5 | EPSS: 0.001
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...
CVSS: 4.3 | AI Score: 5.3 | EPSS: 0.001
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes....
CVSS: 6.4 | AI Score: 5.6 | EPSS: 0.001
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...
CVSS: 4.3 | AI Score: 5.2 | EPSS: 0.001
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated...
CVSS: 4.3 | AI Score: 5.3 | EPSS: 0.001