5776 matches found
CVE-2019-15829
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS...
CVE-2019-15817
The easy-property-listings plugin before 3.4 for WordPress has XSS...
CVE-2019-15816
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via savesettingspage and other save functions...
CVE-2019-15821
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data...
Directory traversal
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal...
WordPress patreon-connect plugin injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An injection vulnerability exists in the WordPress patreon-connect plugin. Detailed vulnerability details are...
WordPress shapepress-dsgvo cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shapepress-dsgvo is a plugin used to add the General Data Protection Regulation to websites. A cross-site scripting vulnerability exis...
Code injection
DISPUTED cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true tha...
CVE-2019-15774
The nd-booking plugin before 2.5 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
CVE-2019-15773
The nd-travel plugin before 1.7 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
CVE-2018-21007
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads...
Crlf injection
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file...
CVE-2019-15776
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file...
WordPress insert-or-embed-articulate-content-into-wordpress plugin has unspecified vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. insert-or-embed-articulate-content-into-wordpress is a plugin for embedding Articulate content into pages. A security vulnerability...
WordPress woocommerce-catalog-enquiry plugin code issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. woocommerce-catalog-enquiry is a product catalog management plugin for e-commerce. A security vulnerability exists in the WordPress...
WordPress cp-polls plugin cross-site scripting vulnerability (CNVD-2019-29239)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. It supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress cp-polls plugin versions prior to 1.0.5. The vulnerability stems...
WordPress buddyforms plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. It supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress buddyforms plugin versions prior to 2.2.8, which can be exploited by...
WordPress wp-polls plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-polls is a plugin used to build a voting system in it. A cross-site scripting vulnerability exists in WordPress wp-polls plugin...
Design/Logic Flaw
The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg and remove_query_arg...