15887 matches found
CVE-2017-18583
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...
CVE-2017-18514
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection...
CVE-2017-18605
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...
CVE-2019-20831
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash...
CVE-2020-7239
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2020-12070
The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php...
CVE-2023-25484
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Oliver Schlöbe Simple Yearly Archive plugin = 2.1.8 versions...
CVE-2023-25479
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...
CVE-2023-45049
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ciprian Popescu YouTube Playlist Player plugin = 4.6.7 versions...
CVE-2023-45068
Cross-Site Request Forgery CSRF vulnerability in Supsystic Contact Form by Supsystic plugin = 1.7.27 versions...
CVE-2023-45642
Cross-Site Request Forgery CSRF vulnerability in Hassan Ali Snap Pixel plugin = 1.5.7 versions...
CVE-2023-31091
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pradeep Singh Dynamically Register Sidebars plugin = 1.0.1 versions...
CVE-2023-4242
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about...
CVE-2023-4730
The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initendpoint function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An...
CVE-2023-4941
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsswap function. This makes it possible for authenticated attackers subscriber or higher to manipulate products...
CVE-2023-4919
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...
CVE-2023-4024
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances...
CVE-2023-4689
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...
CVE-2023-4962
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'videopopup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...