The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export...
7.5CVSS
7.5AI Score
0.003EPSS
The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in....
4.8CVSS
4.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through...
6.5CVSS
5.9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to...
6.4CVSS
5.3AI Score
0.001EPSS
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...
6.1CVSS
5.7AI Score
0.007EPSS
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor.....
6.4CVSS
5.2AI Score
0.001EPSS
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers.....
4.3CVSS
4.5AI Score
0.007EPSS
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping....
6.1CVSS
6.4AI Score
0.001EPSS
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This...
7.2CVSS
6.6AI Score
0.001EPSS
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid...
7.5CVSS
7.5AI Score
0.001EPSS
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups...
7.5CVSS
7.4AI Score
0.002EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through....
7.6CVSS
7.5AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin.This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through...
7.5CVSS
7.6AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through...
7.6CVSS
7.5AI Score
0.001EPSS
Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through...
9.9CVSS
8.7AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through...
7.5CVSS
7.6AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...
10CVSS
9.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through...
7.1CVSS
6.5AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through...
6.5CVSS
5.8AI Score
0.015EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through...
7.1CVSS
6.5AI Score
0.0005EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through...
7.6CVSS
7.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification Bar: from n/a through...
5.9CVSS
5.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through...
5.9CVSS
5.4AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor...
8.1CVSS
7.5AI Score
0.001EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through...
9.1CVSS
7.1AI Score
0.0005EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before...
7.5CVSS
7.5AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or....
7.6CVSS
7.5AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through...
7.6CVSS
7.5AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit –...
7.6CVSS
7.6AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through...
7.5CVSS
7.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through...
7.1CVSS
6.5AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the...
8.8CVSS
8.8AI Score
0.001EPSS
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged...
7.2CVSS
7.2AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a...
6.5CVSS
6.5AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through...
5.9CVSS
5.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through...
7.5CVSS
7.4AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.This issue affects BigCommerce For WordPress: from n/a through...
7.5CVSS
7.6AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture.This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through...
7.5CVSS
7.5AI Score
0.001EPSS
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through...
9.8CVSS
9.4AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through...
10CVSS
9.4AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before...
9.8CVSS
9.8AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a...
8.8CVSS
9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a...
8.8CVSS
8.9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before...
9.8CVSS
9.7AI Score
0.001EPSS