220493 matches found
WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin
Unauthenticated Stored DOM XSS via pagetitle Broadcast in AVideo YPTSocket Plugin Summary A stored DOM Cross-Site Scripting vulnerability CWE-79 in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated origin of every administrator...
WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination
Unauthenticated Reflected XSS via $GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...
EUVD-2026-33303
WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint...
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026)
Last week, there were 277 vulnerabilities disclosed in 184 WordPress Plugins and 70 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 94 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
Exploit for Deserialization of Untrusted Data in Presstigers Simple_Job_Board
CVE-2024-1813 - Simple Job Board ≤ 2.11.0 WordPress - Unauth...
CVE-2019-25745
WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...
CVE-2019-25727
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...
CVE-2019-25745
CVE-2019-25745 affects WordPress Plugin Google Review Slider 6.1. The vulnerability is a time-based blind SQL injection in the tid parameter, exploitable via GET requests to the plugin’s admin interface by unauthenticated attackers to manipulate queries and potentially extract data. According to ...
CVE-2019-25745
WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...
CVE-2019-25745 WordPress Plugin Google Review Slider 6.1 SQL Injection via tid
WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...
CVE-2019-25743
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...
CVE-2019-25734 Contact Form by WD 1.13.1 CSRF to Local File Inclusion
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...
CVE-2019-25734 Contact Form by WD 1.13.1 CSRF to Local File Inclusion
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...
EUVD-2019-20163
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...
CVE-2019-25727
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...
CVE-2019-25727
The CVE-2019-25727 entry describes an Arbitrary File Download vulnerability in WordPress Plugin ad manager wd 1.0.11. An unauthenticated attacker can target the edit.php endpoint by supplying export=export_csv and a malicious path parameter to read sensitive files accessible to the web server (e....
CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...