139 matches found
WordPress FunnelKit Automations plugin <= 3.6.3 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin FunnelKit Automations versions = 3.6.3...
WordPress Authentication and xmlrpc log writer plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Authentication and xmlrpc log writer versions = 1.2.2...
WordPress Advanced Google Universal Analytics plugin <= 1.0.3 - Broken Access Control to Sensitive Data Exposure vulnerability
Broken Access Control to Sensitive Data Exposure vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Advanced Google Universal Analytics versions = 1.0.3...
WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ReachShip WooCommerce Multi-Carrier & Conditional Shipping versions = 4.3.1...
WordPress SureForms plugin < 1.7.2 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions 1.7.2...
WordPress WP Front User Submit / Front Editor plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin WP Front User Submit / Front Editor versions = 4.9.3...
WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability
WordPress eForm - WordPress Form Builder 4.19.1 - Cross Site Scripting XSS Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin eForm - WordPress Form Builder versions 4.19.1...
WordPress FlatNews Theme <= 5.8 is vulnerable to Cross Site Scripting (XSS)
Software FlatNews Type Theme Vulnerable versions = 5.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-32305 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ff5e3bb37606 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...
WordPress Sailthru Triggermail plugin < 1.1 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions 1.1...
WordPress WP Content Security Plugin plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields vulnerability
Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin WP Content Security Plugin versions = 2.3...
WordPress Nomupay Payment Processing Gateway plugin <= 7.1.7 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Nomupay Payment Processing Gateway versions = 7.1.7...
WordPress eForm plugin <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shaman0x01 in WordPress Plugin eForm - WordPress Form Builder versions = 4.18.0...
WordPress Site Notify plugin <= 1.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Vo Thi Ngoc Nhi in WordPress Plugin Site Notify versions = 1.0...
WordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Aiden in WordPress Plugin TextMe SMS versions = 1.9.1...
WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin MyBookProgress by Stormhill Media versions = 1.0.8...
WordPress SEO Landing Page Generator Plugin <= 1.66.2 is vulnerable to Cross Site Scripting (XSS)
Software SEO Landing Page Generator Type Plugin Vulnerable versions = 1.66.2 Fixed in 1.66.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11366 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d742f2bf7f0 Credits vgo0...
WordPress Video Lessons Manager Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)
Software Video Lessons Manager Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de6edf652333 Credits Peter...
WordPress PeachPay Payments Plugin <= 1.112.0 is vulnerable to Cross Site Scripting (XSS)
Software PeachPay Payments Type Plugin Vulnerable versions = 1.112.0 Fixed in 1.113.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11362 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ab27db02ed0 Credits vgo0 Requir...
WordPress Button Block Plugin <= 1.1.4 is vulnerable to Broken Authentication
Software Button Block Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10671 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ae07da220d1c Credits...