57 matches found
WordPress DocoDoco Store Locator plugin <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload vulnerability
Authenticated Editor+ Arbitrary File Upload vulnerability discovered by ifoundbug in WordPress Plugin DocoDoco Store Locator versions = 1.0.1...
WordPress onOffice for WP-Websites plugin <= 6.5.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dutafi in WordPress Plugin onOffice for WP-Websites versions = 6.5.1...
EUVD-2021-11421
Malware in sbrugna...
EUVD-2023-44816
Malicious code in bioql PyPI...
WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Jieun Kim in WordPress Plugin TZ PlusGallery versions = 1.5.5...
CVE-2025-58746
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...
WordPress Elementor Element Condition Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Elementor Element Condition versions = 1.0.5...
WordPress WP Airdrop Manager plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin WP Airdrop Manager versions = 1.0.5...
CVE-2024-31394
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
WordPress Team Members Showcase plugin < 4.4.2 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Team versions 4.4.2...
CVE-2024-8492
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
WordPress Slider, Gallery, Carousel by MetaSlider plugin < 3.95.0 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Responsive Slider by MetaSlider versions 3.95.0...
WordPress Smart Icons For WordPress plugin <= 1.0.4 - Authenticated (Editor+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Editor+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Smart Icons For WordPress versions = 1.0.4...
PT-2025-7591
Name of the Vulnerable Software and Affected Versions DDSN Interactive cm3 Acora CMS version 10.1.1 Description The issue concerns an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the...
CVE-2024-7879
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Category and Taxonomy Meta Fields Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9590 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0608197ee970 Credits István...
WordPress Simple Job Board Plugin <= 2.12.3 is vulnerable to PHP Object Injection
Software Simple Job Board Type Plugin Vulnerable versions = 2.12.3 Fixed in 2.12.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7351 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID a1947bfcfa95 Credits Francesco Carlucci Required privileg...
WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.15.6 is vulnerable to Cross Site Scripting (XSS)
Software 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Type Plugin Vulnerable versions = 1.15.6 Fixed in 1.15.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43152 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c27b38c9e4e0...
CVE-2024-3026
CVE-2024-3026 affects WordPress Button Plugin MaxButtons (versions
WordPress PowerPack Lite for Beaver Builder Plugin <= 1.3.0.3 is vulnerable to Local File Inclusion
Software PowerPack Lite for Beaver Builder Type Plugin Vulnerable versions = 1.3.0.3 Fixed in 1.3.0.4 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37410 Patch priority Low CVSS severity Low 4.9 Developer IdeaBox Creations PSID 6c1f186fa5b1 Credits João...