145 matches found
WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion vulnerability
Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Image Optimizer by Elementor versions = 1.7.4...
WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability
Insecure Direct Object Reference to Authenticated Author+ Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions = 1.4.9...
WordPress WooCommerce Stripe Payment Gateway plugin <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation vulnerability
Missing Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce Stripe Payment Gateway versions = 10.7.0...
WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin All In One WP Security & Firewall versions = 5.4.7...
WordPress Easy Updates Manager plugin <= 9.0.20 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Easy Updates Manager versions = 9.0.20...
WordPress PDF Embedder plugin <= 4.9.3 - Authenticated (Contributor+) Information Exposure vulnerability
Authenticated Contributor+ Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin PDF Embedder versions = 4.9.3...
WordPress Hostinger Reach – AI-Powered Email Marketing for WordPress plugin <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update vulnerability
Missing Authorization to Authenticated Subscriber+ Integration API Key Update vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Hostinger Reach AI-Powered Email Marketing for WordPress versions = 1.3.8...
WordPress HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin <= 11.3.32 - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure vulnerability
Forms, Popups, Live Chat plugin = 11.3.32 - Forms, Popups, Live Chat = 11.3.32 - Missing Authorization to Authenticated Contributor+ Installed Plugin Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin HubSpot versions = 11.3.32...
WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Royal Elementor Addons versions = 1.7.1056...
WordPress ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability
Authenticated Subscriber+ Missing Authorization to Google Ads Access Token Retrieval vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin ExactMetrics versions = 9.1.2...
WordPress Email Encoder plugin < 2.3.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Encoder Bundle versions 2.3.4...
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...
WordPress Query Monitor plugin <= 3.20.3 - Reflected Cross-Site Scripting via Request URI vulnerability
Reflected Cross-Site Scripting via Request URI vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Query Monitor versions = 3.20.3...
WordPress Smart Slider 3 plugin <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll vulnerability
Authenticated Subscriber+ Arbitrary File Read via actionExportAll vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Smart Slider 3 versions = 3.5.1.33...
WordPress The Events Calendar plugin <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability
Authenticated Author+ Arbitrary File Read via ajaxcreateimport vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Events Calendar versions = 6.15.17...
WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Stored Cross-Site Scripting via Template Conditions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...
WordPress Modular Connector plugin <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth vulnerability
Cross-Site Request Forgery via postConfirmOauth vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Modular DS versions = 2.5.1...
WordPress The Plus Addons for Elementor plugin <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' vulnerability
Incorrect Authorization to Authenticated Author+ Arbitrary Draft Post Creation via 'posttype' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.7...
WordPress JSM file_get_contents() Shortcode plugin < 2.7.1 - Contributor+ SSRF vulnerability
Contributor+ SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin JSM filegetcontents Shortcode versions 2.7.1...
WordPress Photo Gallery by 10Web plugin < 1.8.31 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.31...