1726 matches found

Patchstack
added 2024/08/16 12:22 p.m. · 2 views

WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin e2pdf versions <= 1.25.05...

CVSS 6.5 · AI score 6.1 · EPSS 0.00246
Exploits 0 · Affected Software 1

Patchstack
added 2024/08/13 6:29 a.m. · 4 views

WordPress WooCommerce - Social Login plugin <= 2.7.5 - Authentication Bypass to Account Takeover vulnerability

WordPress WooCommerce - Social Login plugin <= 2.7.5 - Authentication Bypass to Account Takeover vulnerability discovered by Truoc Phan in WordPress Plugin WooCommerce Social Login versions <= 2.7.5...

CVSS 9.8 · AI score 7 · EPSS 0.0061
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/08/13 12:0 a.m. · 1 views

WordPress plugin WPSection path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 6.5 · AI score 6.7 · EPSS 0.00568
Exploits 0 · References 2

CNNVD
added 2024/08/12 12:0 a.m. · 3 views

WordPress plugin Depicter Slider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...

CVSS 5.9 · AI score 6.6 · EPSS 0.00278
Exploits 0 · References 2

Patchstack
added 2024/08/09 1:19 p.m. · 3 views

WordPress BSK Forms Blacklist plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin BSK Forms Blacklist versions <= 3.8...

CVSS 7.1 · AI score 6.1 · EPSS 0.00307
Exploits 0 · Affected Software 1

Patchstack
added 2024/08/07 11:29 a.m. · 3 views

WordPress Participants Database plugin <= 2.5.9.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Participants Database versions <= 2.5.9.2...

CVSS 9.8 · AI score 7.3 · EPSS 0.00645
Exploits 0 · Affected Software 1

CNNVD
added 2024/08/06 12:0 a.m. · 2 views

WordPress plugin CRM Perks Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.2 · AI score 6.6 · EPSS 0.0093
Exploits 0 · References 4

CNNVD
added 2024/07/30 12:0 a.m. · 4 views

WordPress plugin Zephyr Project Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 · AI score 6.6 · EPSS 0.0072
Exploits 2 · References 2

Positive Technologies
added 2024/07/29 12:0 a.m. · 3 views

PT-2024-37661 · WordPress · Inline Related Posts

Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin versions prior to 3.8.0. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is...

CVSS 5.9 · AI score 5.6 · EPSS 0.0042
Exploits 1 · References 5

OSV
added 2024/07/24 7:15 a.m. · 4 views

CVE-2024-6571

The Optimize Images ALT Text alt tag & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. This is due to the plugin utilizing cocur and not preventing direct access to the generate-default.php file. This makes it possible fo...

CVSS 5.3 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 2

Patchstack
added 2024/07/24 2:45 a.m. · 3 views

WordPress Robo Gallery plugin <= 3.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Title vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Title vulnerability discovered by Tim Coen in WordPress Plugin Robo Gallery versions <= 3.2.19...

CVSS 6.4 · AI score 5.8 · EPSS 0.00248
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/07/23 6:15 a.m. · 1 views

CVE-2024-6420

The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

CVSS 8.6 · AI score 5.8 · EPSS 0.018
Exploits 1 · References 1

Patchstack
added 2024/07/11 2:0 p.m. · 2 views

WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI Patchstack Alliance in WordPress Plugin Search & Replace versions <= 3.2.2...

CVSS 9.8 · AI score 7 · EPSS 0.00307
Exploits 0 · Affected Software 1

Patchstack
added 2024/07/11 12:55 p.m. · 2 views

WordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin ReDi Restaurant Reservation versions <= 24.0422...

CVSS 5.4 · AI score 7 · EPSS 0.00297
Exploits 0 · Affected Software 1

Patchstack
added 2024/06/28 6:24 a.m. · 3 views

WordPress Easy Image Collage plugin <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Content Deletion vulnerability

Missing Authorization to Authenticated (Contributor+) Arbitrary Post Content Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Easy Image Collage versions <= 1.13.5...

CVSS 5.4 · AI score 7 · EPSS 0.00453
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/06/20 6:15 a.m. · 2 views

CVE-2024-5475

The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1

Patchstack
added 2024/06/19 5:18 p.m. · 4 views

WordPress Media Library Assistant plugin <= 3.16 - Authenticated SQL Injection vulnerability

Authenticated SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Media Library Assistant versions <= 3.16...

CVSS 8.8 · AI score 5.7 · EPSS 0.00577
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/06/19 12:0 a.m. · 1 views

WordPress plugin EmbedSocial security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 6.6 · EPSS 0.00326
Exploits 0 · References 3

Patchstack
added 2024/06/14 12:45 p.m. · 5 views

WordPress Collapse-O-Matic plugin <= 1.8.5.8 - Authenticated Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Stored Cross-Site Scripting via Shortcode vulnerability discovered by Jack Taylor in WordPress Plugin Collapse-O-Matic versions <= 1.8.5.8...

CVSS 6.4 · AI score 5.8 · EPSS 0.00342
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2024/06/11 2:1 a.m. · 7 views

EUVD-2024-27422

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

CVSS 5.3 · AI score 6.2 · EPSS 0.01235
Exploits 1 · References 2