60 matches found
WordPress The Plus Addons for Elementor Page Builder Lite plugin <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.3.10...
WordPress Benaa Framework plugin <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin Benaa Framework versions = 4.0.0...
WordPress Block Editor Gallery Slider plugin <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Post Meta Update vulnerability discovered by Poli in WordPress Plugin Block Editor Gallery Slider versions = 1.1.1...
WordPress JetSmartFilters plugin <= 3.6.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetSmartFilters versions = 3.6.8...
WordPress Easy Contact Form Lite plugin <= 1.1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krugov Artyom in WordPress Plugin Easy Contact Form Lite versions = 1.1.28...
WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via button+modal Widget vulnerability discovered by Webbernaut in WordPress Plugin WidgetKit versions = 2.5.4...
WordPress EC Stars Rating plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin EC Stars Rating versions = 1.0.11...
WordPress iCount Payment Gateway plugin <= 2.0.7 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin iCount Payment Gateway versions = 2.0.7...
WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin File Manager Plugin For Wordpress versions = 7.5...
WordPress Responsive Lightbox & Gallery plugin < 2.5.2 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Responsive Lightbox versions 2.5.2...
WordPress Constructor Theme <= 1.6.5 is vulnerable to Broken Access Control
Software Constructor Type Theme Vulnerable versions = 1.6.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-53302 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 616342014c3c Credits Sulabh Jain Required privilege...
WordPress WP-PhotoNav plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photonav Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via photonav Shortcode vulnerability discovered by Gilang in WordPress Plugin WP-PhotoNav versions = 1.2.2...
WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin CRM ERP Business Solution versions = 1.13...
WordPress Inventory Presser plugin <= 15.2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by greenhats in WordPress Plugin Inventory Presser versions = 15.2.6...
WordPress Classified Listing plugin <= 4.2.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Classified Listing versions = 4.2.0...
WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via aria-label Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Responsive Slider by MetaSlider versions = 3.98.0...
WordPress IndieBlocks plugin <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via kind Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin IndieBlocks versions = 0.13.2...
WordPress WP-Addpub plugin <= 1.2.8 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by muhammad yudha in WordPress Plugin WP-Addpub versions = 1.2.8...
WordPress WP Post Corrector plugin <= 1.0.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin WP Post Corrector versions = 1.0.2...
WordPress Viral Loops WP Integration plugin <= 3.8.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Viral Loops WP Integration versions = 3.8.1...