1261 matches found
WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Norse Rune Oracle Plugin versions = 1.4.3...
WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf in WordPress Plugin Directorist AddonsKit for Elementor versions = 1.1.6...
WordPress Nova Blocks by Pixelgrade plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Nova Blocks versions = 2.1.8...
WordPress Breaking News WP Plugin <= 1.3 - CSRF to Settings Change vulnerability
CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Breaking News WP versions = 1.3...
WordPress Auto scroll for reading plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Auto scroll for reading versions = 1.1.4...
WordPress Awesome Event Booking plugin <= 2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Awesome Event Booking versions = 2.8.4...
WordPress Ni WooCommerce Product Enquiry plugin <= 4.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Ni WooCommerce Product Enquiry versions = 4.1.8...
WordPress Import Export Suite for CSV and XML Datafeed plugin <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin WP Ultimate CSV Importer versions = 7.19...
WordPress Real Estate 7 Theme <= 3.5.4 is vulnerable to Arbitrary File Upload
Software Real Estate 7 Type Theme Vulnerable versions = 3.5.4 Fixed in 3.5.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-2891 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 22e03f3e7c10 Credits Foxyyy Required privilege Seller...
WordPress Kudos Donations Plugin <= 3.2.9 is vulnerable to Cross Site Scripting (XSS)
Software Kudos Donations Type Plugin Vulnerable versions = 3.2.9 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11684 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 27c0ae774d02 Credits vgo0 Required...
WordPress Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) Plugin <= 1.2.1 is vulnerable to SQL Injection
Software Internal Linking for SEO traffic & Ranking – Auto internal links 100% automatic Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11009 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID...
WordPress Category Ajax Filter Plugin <= 2.8.2 is vulnerable to Local File Inclusion
Software Category Ajax Filter Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.8.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-10871 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 41b4026eef43 Credits Le Ngoc Anh Required privilege...
WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)
Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10308 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7709d157b72c Credits zer0gh0st Required...
WordPress Skt NURCaptcha Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)
Software Skt NURCaptcha Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11342 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f1e7b8255838 Credits SOPROBRO Required...
WordPress Video Lessons Manager Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)
Software Video Lessons Manager Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de6edf652333 Credits Peter...
WordPress CM On Demand Search And Replace Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software CM On Demand Search And Replace Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf0ce3925274 Credits...
WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Sensitive Data Exposure
Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8899 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a83345ae77b9 Credits Ankit Patel Required...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication
Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.44 Fixed in 6.45 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0bd21f35fe5e...
WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Broken Access Control
Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9941 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 71c6636a78f1 Credits Tonn Required privilege Subscriber...
WordPress Rescue Shortcodes Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)
Software Rescue Shortcodes Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11199 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9032d40ace0e Credits Peter Thaleikis Required...