CVE-2022-46857

Cross-Site Request Forgery CSRF vulnerability in SiteAlert plugin = 1.9.7 versions...

CVE-2022-47587

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Cornel Raiu WP Search Analytics plugin = 1.4.5 versions...

CVE-2022-46798

Cross-Site Request Forgery CSRF vulnerability in HasThemes ShopLentor plugin = 2.5.1 leading to plugin settings change...

CVE-2022-47175

Cross-Site Request Forgery CSRF vulnerability in P Royal Royal Elementor Addons and Templates plugin = 1.3.75 versions...

CVE-2022-47766

PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability...

CVE-2022-43461

Stored Cross-Site Scripting XSS vulnerability in John West Slideshow SE plugin = 2.5.5 versions...

WordPress plugin Visual Header 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin AncoraThemes Umberto 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

CVE-2022-42880

Cross-Site Request Forgery CSRF vulnerability in Ali Irani Auto Upload Images plugin = 3.3 versions allows Stored Cross-Site Scripting XSS...

CVE-2022-1384

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities...

CVE-2022-46812

Cross-Site Request Forgery CSRF vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...

CVE-2022-46851

Cross-Site Request Forgery CSRF vulnerability in Brainstorm Force Starter Templates plugin = 3.1.20 versions...

CVE-2022-47167

Cross-Site Request Forgery CSRF vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin = 2.8.4 versions...

CVE-2022-47155

Cross-Site Request Forgery CSRF vulnerability in Supsystic Slider by Supsystic plugin = 1.8.5 versions...

CVE-2022-47173

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin = 1.62.0 versions...

CVE-2021-25039

The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcccontenttype, wmccsourceblog and wmccrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVE-2021-4367

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...

CVE-2021-24858

The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection...

CVE-2020-25033

The Blubrry subscribe-sidebar aka Subscribe Sidebar plugin 1.3.1 for WordPress allows subscribesidebar.php= reflected XSS...

CVE-2020-35589

The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by th...