WordPress Country Selector <1.6.6 - Cross-Site Scripting

WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in th...

WordPress Feed Them Social <3.0.1 - Cross-Site Scripting

WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...

WordPress ProfileGrid <5.1.1 - Cross-Site Scripting

WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read

WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33901 info:...

NEX-Forms Plugin < 7.9.7 - SQL Injection

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

Simple File List < 4.4.12 - Cross Site Scripting

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting id: CVE-2022-3062 info: name: Simple File List 4.4.12 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does not escape parameters before...

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

User Registration & Membership WordPress plugin - Open Redirect

User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...

HT Mega < 3.0.7 - Sensitive Information Disclosure

The HT Mega plugin for WordPress is vulnerable to Sensitive Information Exposure via AJAX actions. This template dynamically extracts the security nonce before exploitation. id: CVE-2026-4106 info: name: HT Mega 3.0.7 - Sensitive Information Disclosure author: EFETR severity: high description: |...

Templately <= 3.1.2 - Broken Access Control

Templately allow an attacker to logout users who signed in to their templately account, so you can sign in your templately account to exploit this vulnerability. Go to http://IP/wordpress/wp-admin/admin.php?page=templately&path=sign-in to sign in then logout. id: CVE-2024-47308 info: name:...

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting

The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting XSS in versions up to and including 2.11.7 due to insufficient input sanitization and output escaping in the 'place' parameter. id: CVE-2024-29137 info: name: WordPress Tourfic Plugin = 2.11.7 - Cross-Site Scripting...

WordPress Transposh Translation <1.0.8 - Cross-Site Scripting

WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in...

Prismatic < 2.8 - Cross-Site Scripting

The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator id: CVE-2021-24409 info: name: Prismatic 2.8 - Cross-Site Scripting author: Harsh...

Paid Memberships Pro < 2.6.6 - Cross-Site Scripting

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting id: CVE-2021-24979 info: name: Paid Memberships Pro 2.6.6 - Cross-Site Scripting author: r3Y3r53 severity:...

WordPress WPS Hide Login <1.9.1 - Information Disclosure

WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location. id:...

WordPress AnyComment <0.3.5 - Open Redirect

WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information...

WP Directory Kit <= 1.4.4 - Authentication Bypass

The WP Directory Kit plugin for WordPress version 1.4.4 and below contains an authentication bypass vulnerability in its auto-login functionality. The vulnerability allows unauthenticated attackers to gain administrative access by exploiting a cryptographically weak token generation mechanism tha...