2203 matches found
WordPress plugin Education Addon for Elementor 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...
WordPress Education Addon for Elementor plugin <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode vulnerability
Authenticated Contributor+ Insecure Direct Object Reference via naeduelementortemplate Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Education Addon for Elementor versions = 1.3.1...
CVE-2024-13622
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the...
WordPress plugin File Uploads Addon for WooCommerce 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
WordPress File Uploads Addon for WooCommerce plugin <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin File Uploads Addon for WooCommerce versions = 1.7.1...
CVE-2024-12164 WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...
PT-2025-6434 · WordPress · Wpsyncsheets Lite For Wpforms
Name of the Vulnerable Software and Affected Versions: WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress versions up to, and including, 1.6 Description: The issue is related to unauthorized modification of data due to a missing capability check on the wpsslwp...
WordPress WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Kévin Mosbahi Mika in WordPress Plugin WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon versions = 1.6...
CVE-2024-12599
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2020-26239
Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escape...
CVE-2024-43943
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8...
CVE-2024-43942
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2...
CVE-2024-52499
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ibrahim Pricing table addon for elementor pricing-table-addon-for-elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through...
CVE-2024-1358
The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...
CVE-2024-1710
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2024-12046
The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedicalelementortemplate' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...
CVE-2024-12046 Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedicalelementortemplate' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...
CVE-2024-12046 Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedicalelementortemplate' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...
CVE-2024-12046
Medical Addon for Elementor (WordPress)
PT-2025-1736 · WordPress · Medical Addon For Elementor
Name of the Vulnerable Software and Affected Versions: Medical Addon for Elementor plugin for WordPress versions up to, and including, 1.6.2 Description: The issue allows authenticated attackers with Contributor-level access and above to read the content of draft, pending, and private posts due t...