518 matches found
WordPress Aitasi Coming Soon Plugin <= 2.0.2 - Deserialization of untrusted data Vulnerability
Deserialization of untrusted data Vulnerability discovered by Drew / mcdruid in WordPress Plugin Aitasi Coming Soon versions = 2.0.2...
WordPress Dadevarzan WordPress Common Plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Dadevarzan WordPress Common versions = 2.2.2...
WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Goal Tracker for Patreon versions = 0.4.6...
WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Recurring PayPal Donations versions = 1.8...
WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Kento Splash Screen versions = 1.4...
WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Themify Builder versions = 7.6.7...
CVE-2025-9165
A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is...
WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Custom Comment versions = 2.1.6...
WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Mika in WordPress Plugin WPDM – Premium Packages versions = 6.0.2...
WordPress Shortcode Redirect Plugin <= 1.0.02 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Rooting in WordPress Plugin Shortcode Redirect versions = 1.0.02...
WordPress Modernize Theme <= 3.4.0 is vulnerable to Broken Access Control
Software Modernize Type Theme Vulnerable versions = 3.4.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-53343 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b7dbe31498eb Credits Ananda Dhakal Patchstack Required...
WordPress PowerPress Podcasting plugin <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Krugov Artyom in WordPress Plugin PowerPress Podcasting versions = 11.9.17...
WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 5.0...
CVE-2025-43857
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...
WordPress Hustle Plugin <= 7.8.5 is vulnerable to Broken Access Control
Software Hustle Type Plugin Vulnerable versions = 7.8.5 Fixed in 7.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10580 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID 82d2fb561073 Credits Vijaysimha Reddy vijaysimha Required privileg...
WordPress Otter - Gutenberg Block Plugin <= 3.0.6 is vulnerable to Path Traversal
Software Otter - Gutenberg Block Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2024-11219 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 16f94f193561 Credits mikemyers Required privilege...
WordPress Hustle Plugin <= 7.8.5 is vulnerable to Broken Access Control
Software Hustle Type Plugin Vulnerable versions = 7.8.5 Fixed in 7.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10579 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 422186a969dd Credits Vijaysimha Reddy vijaysimha Required privileg...
WordPress FluentSMTP Plugin <= 2.2.82 is vulnerable to PHP Object Injection
Software FluentSMTP Type Plugin Vulnerable versions = 2.2.82 Fixed in 2.2.83 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-9511 Patch priority Low CVSS severity Low 9.8 Developer WP ManageNinja LLC PSID 44d93a16fa65 Credits Leo Required privilege Unauthenticated...
WordPress WP Mailster Plugin <= 1.8.16.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Mailster Type Plugin Vulnerable versions = 1.8.16.0 Fixed in 1.8.17.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-53737 Patch priority Low CVSS severity Low 6.5 Developer WP Mailster PSID 83aa8c3ff329 Credits Lam Que Chi Required privilege Contribut...
WordPress WP Travel Engine Plugin <= 6.2.1 is vulnerable to Broken Access Control
Software WP Travel Engine Type Plugin Vulnerable versions = 6.2.1 Fixed in 6.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10606 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e46e3ce94c1a Credits Noah Stead TurtleBurg Requir...