66 matches found
WordPress WPSchoolPress plugin <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation vulnerability
Insecure Direct Object Reference to Authenticated Teacher+ Account Takeover/Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions = 2.2.10...
WordPress MultiVendorX plugin <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates vulnerability
Cross-Site Request Forgery to Vendor Updates vulnerability discovered by wesley wcraft in WordPress Plugin MultiVendorX versions = 4.2.4...
WordPress AppPresser plugin <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP vulnerability
Privilege Escalation and Account Takeover via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin AppPresser versions = 4.4.4...
WordPress Ninja Forms Contact Form plugin <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer vulnerability
Reflected Self-Based Cross-Site Scripting via Referer vulnerability discovered by wesley wcraft in WordPress Plugin Ninja Forms versions = 3.8.15...
WordPress Charitable plugin <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability
Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Charitable versions = 1.8.1.14...
Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin
📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...
WordPress EventON plugin < 2.2.17 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Wesley "dk4trin" Santos in WordPress Plugin EventON versions 2.2.17...
WordPress Preloader Plus – WordPress Loading Screen Plugin plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Preloader Plus - Wordpress Loading Screen Plugin versions = 2.2.1...
WordPress WP-Recall plugin <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update vulnerability
Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update vulnerability discovered by wesley wcraft in WordPress Plugin WP-Recall versions = 16.26.8...
WordPress WC Marketplace Plugin <= 4.2.0 is vulnerable to Privilege Escalation
Software WC Marketplace Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8289 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 9025ce00a31d Credits wesley...
WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Responsive Lightbox versions = 2.4.7...
WordPress Blog2Social plugin <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Blog2Social versions = 7.5.4...
WordPress Premium Portfolio Features for Phlox theme plugin <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via ' Grid Portfolios' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via ' Grid Portfolios' vulnerability discovered by wesley wcraft in WordPress Plugin Phlox Portfolio versions = 2.3.2...
WordPress The Plus Addons for Elementor Page Builder plugin <= 5.5.6 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Pro versions = 5.5.6...
WordPress ElementsKit plugin <= 3.6.2 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin ElementsKit Pro versions = 3.6.2...
WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Authenticated Stored Cross-Site Scripting via Site Title Widget vulnerability
Authenticated Stored Cross-Site Scripting via Site Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.35...
WordPress Qi Blocks plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Qi Blocks versions = 1.2.9...
WordPress Brizy – Page Builder plugin <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form vulnerability
Unauthenticated Stored Cross-Site Scripting via Form vulnerability discovered by wesley wcraft in WordPress Plugin Brizy versions = 2.4.43...
WordPress The Plus Addons for Elementor Pro plugin <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Heading Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Pro versions = 5.5.4...
WordPress PostX plugin <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin PostX versions = 4.1.1...