1698 matches found
PT-2024-37661 · WordPress · Inline Related Posts
Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin versions prior to 3.8.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...
CVE-2024-6571
The Optimize Images ALT Text alt tag & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. This is due to the plugin utilizing cocur and not preventing direct access to the generate-default.php file. This makes it possible fo...
WordPress Robo Gallery plugin <= 3.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Title vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Gallery Title vulnerability discovered by Tim Coen in WordPress Plugin Robo Gallery versions <= 3.2.19...
CVE-2024-6420
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI Patchstack Alliance in WordPress Plugin Search & Replace versions <= 3.2.2...
WordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin ReDi Restaurant Reservation versions <= 24.0422...
WordPress Easy Image Collage plugin <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Content Deletion vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Post Content Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Easy Image Collage versions <= 1.13.5...
CVE-2024-5475
The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
WordPress Media Library Assistant plugin <= 3.16 - Authenticated SQL Injection vulnerability
Authenticated SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Media Library Assistant versions <= 3.16...
WordPress plugin EmbedSocial security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Collapse-O-Matic plugin <= 1.8.5.8 - Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Stored Cross-Site Scripting via Shortcode vulnerability discovered by Jack Taylor in WordPress Plugin Collapse-O-Matic versions <= 1.8.5.8...
EUVD-2024-27422
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...
WordPress plugin Tutor LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Social Snap security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin EventPrime security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Integrate Google Drive security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin HT Feed cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Analytify Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site...
WordPress plugin Tutor LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-35136 · WordPress · The Easy Social Like Box – Popup – Sidebar Widget
Name of the Vulnerable Software and Affected Versions: The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress versions up to, and including, 4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'cardoza facebook like box' shortcode due to...