WordPress Google CSE plugin <= 1.0.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Google CSE versions = 1.0.7...

WordPress Social Link Pages plugin <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting vulnerability

Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Social Link Pages versions = 1.6.9...

WordPress WPUpper Share Buttons plugin <= 3.43 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin WPUpper Share Buttons versions = 3.43...

WordPress Inquiry Cart plugin <= 3.4.2 - CSRF Leading to Stored Cross-Site Scripting vulnerability

CSRF Leading to Stored Cross-Site Scripting vulnerability discovered by Bob Matyas in WordPress Plugin Inquiry Cart versions = 3.4.2...

WordPress Advanced iFrame plugin <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Advanced iFrame versions = 2024.3...

WordPress plugin WP Go Maps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress ApplyOnline plugin <= 2.6.2 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by Lucio Sá in WordPress Plugin ApplyOnline versions = 2.6.2...

PT-2024-32332 · WordPress · Wp Table Builder

Name of the Vulnerable Software and Affected Versions: The WP Table Builder – WordPress Table Plugin versions up to, and including, 1.4.14 Description: The issue is related to Stored Cross-Site Scripting via the button element due to insufficient input sanitization and output escaping. This allow...

WordPress plugin WordPress Social Login and Register 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Envo's Elementor Templates & Widgets for WooCommerce versions = 1.4.8...

WordPress Social Warfare plugin <= 4.4.5.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Social Warfare versions = 4.4.5.1...

WordPress Social Connect plugin <= 1.2 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin Social Connect versions = 1.2...

WordPress plugin WidgetKit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress Content Views plugin <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via pagingType Parameter vulnerability discovered by wesley wcraft in WordPress Plugin Content Views versions = 3.7.1...

WordPress Crelly Slider plugin <= 1.4.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Crelly Slider versions = 1.4.6...

WordPress plugin Academy LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-24996 · WordPress · User Registration – Custom Registration Form

Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to unauthorized loss of data due to a missing capability check on the profile p...

WordPress Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Dau Hoang Tai in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.34...

WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Masteriyo - LMS versions = 1.7.3...

WordPress Salon booking system plugin <= 9.6.5 - Settings Update via CSRF vulnerability

Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Salon booking system versions = 9.6.5...