224028 matches found
CVE-2016-20067
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...
CVE-2026-49064 WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...
CVE-2026-48969 WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability
Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...
CVE-2026-48969
CVE-2026-48969 describes a Broken Access Control vulnerability in the WordPress plugin Really Simple SSL prior to or equal to version 9.5.9 . The initial description and connected records confirm the affected product and version range; the CVSS metrics indicate a Network attack vector with Low pr...
CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...
CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...
CVE-2026-49111
The CVE covers WordPress Masteriyo LMS plugin versions up to 2.2.0 with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected component: Masteriyo LMS plugin. Root cause: incorrect privilege handling within the plugin. Impact: HIGH (CVSS 3.1, base score 8.8; ...
CVE-2026-49062 WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...
CVE-2026-52704
The vulnerability CVE-2026-52704 affects the WordPress WooCommerce PDF Invoice Builder plugin (
EUVD-2016-10897
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...
CVE-2018-25436 WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...
EUVD-2018-21958
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...
CVE-2018-25436 WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...
CVE-2016-20084
Summary: CVE-2016-20084 affects WordPress plugin “appointment-booking-calendar” version 1.1.24. The description reports multiple privilege-escalation XSS vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent JavaScript via admin.php parameters. Inj...
CVE-2016-20084 WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS
WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...
CVE-2016-20083
WordPress More Fields Plugin 2.1 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions by disabling CSRF token validation. Malicious pages can trick logged-in administrators into adding or deleting custom fields and boxes on the Write/E...
EUVD-2016-10895
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...
CVE-2016-20083 WordPress More Fields Plugin 2.1 Cross-Site Request Forgery
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...
CVE-2016-20083 WordPress More Fields Plugin 2.1 Cross-Site Request Forgery
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...
CVE-2016-20082
CVE-2016-20082 concerns the WordPress plugin Abtest . The vulnerability is a local file inclusion in the admin area via abtest_admin.php, where an unauthenticated attacker can influence the action parameter to include files from the admin directory and execute arbitrary code. The description indi...