41 matches found
CVE-2026-57651
Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...
EUVD-2026-39762
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...
EUVD-2026-39733
Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...
EUVD-2026-39728
Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...
EUVD-2026-39385
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
EUVD-2026-37605
Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...
CVE-2026-6962
CVE-2026-6962 affects the WordPress plugin “Cost of Goods: Product Cost & Profit Calculator for WooCommerce.” Vulnerable component: the shortcodes alg_wc_cog_product_cost and alg_wc_cog_product_profit in all versions up to 4.1.0. Root cause: insufficient input sanitization and output escaping on ...
WordPress Forms Rb plugin <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability discovered by ? in WordPress Plugin Forms Rb versions <= 1.1.9...
WordPress iVysilani Shortcode plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin iVysilani Shortcode versions <= 3.0...
WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions <= 1.0.9...
WordPress Gutena Forms plugin < 1.6.1 - Contributor+ Arbitrary Limited Options Update vulnerability
Contributor+ Arbitrary Limited Options Update vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder versions < 1.6.1...
WordPress UpMenu plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin UpMenu versions <= 3.1...
WordPress Relevanssi Premium plugin < 2.29.0 - Contributor+ SQLi vulnerability
Contributor+ SQLi vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Relevanssi Premium versions < 2.29.0...
Insertion of Sensitive Information Into Sent Data
Overview: johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data. An attacker can access sensitive information by leveraging contributor-level privileges to retrieve...
CVE-2023-23728
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Winwar Media WP Flipclock plugin = 1.7.4 versions...
CVE-2023-1905
The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-27612
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Paul Ryley Site Reviews plugin = 6.5.1 versions...
CVE-2024-11267 JSP Store Locator <= 1.0 - Contributor+ SQL Injection
The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing users with the Contributor role to perform SQL injection attacks...
WordPress Typer Core plugin <= 1.9.6 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Typer Core versions <= 1.9.6...
WordPress SIP Reviews Shortcode for WooCommerce plugin <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting vulnerability
Authenticated (Contributor+) Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin SIP Reviews Shortcode for WooCommerce versions <= 1.2.3...