251 matches found
WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions = 1.3.95...
WordPress MinimogWP Theme <= 3.9.0 is vulnerable to Content Injection
Software MinimogWP Type Theme Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-8198 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d80fff95e821 Credits Valatty Required privilege Unauthenticated Published ...
WordPress MyRewards plugin <= 5.4.14 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin MyRewards versions = 5.4.14...
WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Radio Station versions = 2.5.12...
WordPress Spark Multipurpose Theme <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Spark Multipurpose Type Theme Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-50030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 093473ec2f16 Credits Peter Thaleikis Required privilege...
WordPress Simple Logo Carousel plugin <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Logo Carousel versions = 1.9.3...
WordPress Game Review Block plugin <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Game Review Block versions = 4.8.1...
WordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin TicketBAI Facturas para WooCommerce versions = 3.45...
WordPress WP Multilang plugin <= 2.4.19 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by muhammad yudha in WordPress Plugin WP Multilang versions = 2.4.19...
WordPress Team Showcase plugin < 25.05.13 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Team Showcase versions 25.05.13...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin < 8.4.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Blog2Social versions 8.4.0...
WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ninja Forms versions 3.10.1...
WordPress CM Tooltip Glossary plugin < 4.3.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Felipe Caon in WordPress Plugin CM Tooltip Glossary versions 4.3.4...
WordPress Hubbub Lite plugin < 1.34.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Hubbub Lite versions 1.34.4...
WordPress Wishlist plugin <= 2.1.0 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Wishlist versions = 2.1.0...
WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin TI WooCommerce Wishlist versions = 2.10.0...
WordPress Groundhogg plugin <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Phat Do in WordPress Plugin Groundhogg versions = 4.1.1.2...
WordPress AI Autotagger plugin < 3.30.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin TaxoPress versions 3.30.0...
WordPress Theme Switcha plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Theme Switcha versions = 3.4...
WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin PropertyHive versions = 2.1.2...