Cross site scripting

The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS...

Privilege escalation

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wpajax functions are mishandled...

CVE-2015-9396

The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS...

Advanced AJAX Product Filters < 1.3.7 - Unauthenticated Plugin Settings Update

The Advanced AJAX Product Filters WordPress plugin was affected by an Unauthenticated Plugin Settings Update security vulnerability...

CVE-2016-10989

The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkmefacebook CSRF...

CVE-2016-10981

The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kentopvcnumberslang, kentopvctodaytext, or kentopvctotaltext...

CVE-2016-10977

The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal...

CVE-2016-10982

The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvcsettings CSRF...

CVE-2016-10980

The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kentopvcgeo...

CVE-2016-10975

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter...

WordPress multisite-post-duplicator plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress multisite-post-duplicator plugin versions...

WordPress zx-csv-upload plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in version 1 of the WordPress zx-csv-upload plugin. The vulnerability ste...

WordPress quotes-collection plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress quotes-collection plugin versions prior to 2.0.6. The...

Directory traversal

The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion...

Cross site request forgery (csrf)

The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF...

CVE-2017-18611

The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWPCreateCustomFieldPage.php custom-field-css parameter...

CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...

Sql injection

The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter...

CVE-2019-15895

search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes...

CVE-2018-21011

The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details...