
5093 matches found

Patchstack
added 2025/08/14 2:48 p.m. | 6 views

WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Embedder for Google Reviews versions <= 1.7.3...

CVSS 5.3 | AI score 6.7 | EPSS 0.00209
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/14 2:47 p.m. | 5 views

WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Mika in WordPress Plugin WPDM – Premium Packages versions <= 6.0.2...

CVSS 4.3 | AI score 6.6 | EPSS 0.00119
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/14 2:43 p.m. | 6 views

WordPress Shortcode Redirect Plugin <= 1.0.02 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Rooting in WordPress Plugin Shortcode Redirect versions <= 1.0.02...

CVSS 6.5 | AI score 6.1 | EPSS 0.00159
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/14 2:38 p.m. | 7 views

WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin WP Statistics versions <= 14.15...

CVSS 4.3 | AI score 6.7 | EPSS 0.00181
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/14 12:28 p.m. | 5 views

WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution Vulnerability

Arbitrary Code Execution Vulnerability discovered by Ryan Novotny in WordPress Plugin Add Custom Codes versions <= 4.80...

CVSS 7.5 | AI score 7 | EPSS 0.00334
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/14 7:31 a.m. | 3 views

WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by TAKERU OTSUKA Patchstack Alliance in WordPress Plugin Simple Poll versions <= 1.1.1...

CVSS 7.1 | AI score 6 | EPSS 0.00118
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/14 12:0 a.m. | 5 views

WordPress Kalium Theme <= 3.18.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Kalium; Type: Theme; Vulnerable versions: <= 3.18.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-53347; Patch priority: Low; CVSS severity: Low (4.3); PSID: 959fedc4e441; Credits: Ananda Dhakal Patchstack...

CVSS 4.3 | AI score 7 | EPSS 0.00131
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/14 12:0 a.m. | 5 views

WordPress Modernize Theme <= 3.4.0 is vulnerable to Broken Access Control

Software: Modernize; Type: Theme; Vulnerable versions: <= 3.4.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-53343; Patch priority: Low; CVSS severity: Low (4.3); PSID: b7dbe31498eb; Credits: Ananda Dhakal Patchstack Required...

CVSS 4.3 | AI score 6.9 | EPSS 0.0022
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/13 11:58 p.m. | 4 views

WordPress Latepoint plugin < 5.1.94 - Unauthenticated LFI vulnerability

Unauthenticated LFI vulnerability discovered by wesley wcraft in WordPress Plugin LatePoint versions < 5.1.94...

CVSS 9.8 | AI score 6.7 | EPSS 0.0053
Exploits: 0 | References: 1 | Affected Software: 1

Snyk
added 2025/08/13 7:6 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the improper handling of concurrently active streams per connection. An attacker can cause resource exhaustion and disrupt service availability by rapidly sending crafted...

CVSS 8.7 | AI score 7 | EPSS 0.0095
Exploits: 1 | References: 2

OSV
added 2025/08/13 7:6 p.m. | 6 views

GHSA-PRJ3-CCX8-P6X4 Netty affected by MadeYouReset HTTP/2 DDoS vulnerability

Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” MadeYouReset Vulnerability Summary The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to brea...

CVSS 8.2 | AI score 9.5 | EPSS 0.0095
Exploits: 1 | References: 7

Github Security Blog
added 2025/08/13 7:6 p.m. | 18 views

Netty affected by MadeYouReset HTTP/2 DDoS vulnerability

Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” MadeYouReset Vulnerability Summary The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to brea...

CVSS 8.2 | AI score 7.2 | EPSS 0.0095
Exploits: 1 | References: 7 | Affected Software: 2

Patchstack
added 2025/08/13 12:30 p.m. | 3 views

WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Eventin versions <= 4.0.31...

CVSS 8.8 | AI score 7 | EPSS 0.00349
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/13 12:18 p.m. | 10 views

WordPress Authentication and xmlrpc log writer plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Authentication and xmlrpc log writer versions <= 1.2.2...

CVSS 7.1 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/13 11:46 a.m. | 3 views

WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WordPress Event Manager, Event Calendar and Booking Plugin versions <= 4.0.24...

CVSS 7.5 | AI score 6.8 | EPSS 0.00341
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/13 11:29 a.m. | 5 views

WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Responsive Posts Carousel Pro versions <= 15.0...

CVSS 7.5 | AI score 6.8 | EPSS 0.00458
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/12 12:55 p.m. | 4 views

WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by 63n0 in WordPress Plugin Welcart e-Commerce versions <= 2.11.16...

CVSS 7.2 | AI score 7 | EPSS 0.00449
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/12 12:18 p.m. | 4 views

WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by hamza alhababseh in WordPress Plugin Membership For WooCommerce versions <= 2.9.0...

CVSS 7.5 | AI score 6.7 | EPSS 0.00341
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/12 12:2 p.m. | 5 views

WordPress WP Dynamic Links plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin WP Dynamic Links versions <= 1.0.1...

CVSS 7.1 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/08/12 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-12154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the CR8-load exiting and CR8-store exiting L0 vmcs02...

CVSS 7.1 | AI score 6.6 | EPSS 0.00512
Exploits: 0 | References: 2