330 matches found
CVE-2023-37869 WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0...
CVE-2024-2024
The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handlefoldersfileupload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...
CVE-2024-2024
CVE-2024-2024 affects Folders Pro for WordPress. All versions up to 3.0.2 fail to validate file types in handle_folders_file_upload, allowing authenticated users with author+ privileges to upload arbitrary files to the server, with potential remote code execution. Remediation: upgrade to 3.0.3 (p...
CVE-2024-4404
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating...
WordPress Folders Pro plugin <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via User First Name and Last Name vulnerability discovered by mike harris in WordPress Plugin Folders versions = 3.0.2...
CVE-2024-3868
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-3868 Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
EUVD-2024-32528
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...
CVE-2024-3962 Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...
CVE-2024-3962
The CVE CVE-2024-3962 affects Product Addons & Fields for WooCommerce (PPOM) on WordPress. It is caused by missing file type validation in the ppom_upload_file function, allowing unauthenticated arbitrary file uploads on all versions up to and including 32.0.18. Exploitation requires PPOM Pro ins...
WordPress Piotnet Addons For Elementor Pro Plugin <= 7.1.17 is vulnerable to Server Side Request Forgery (SSRF)
Software Piotnet Addons For Elementor Pro Type Plugin Vulnerable versions = 7.1.17 Fixed in N/A OWASP Top 10 A3: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-33634 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fd220e386df6 Credits Dave Jong...
WordPress Element Pack Pro Plugin <= 7.7.4 is vulnerable to Arbitrary File Download
Software Element Pack Pro Type Plugin Vulnerable versions = 7.7.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-33568 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 6b262cd1989a Credits Rafie Muhammad Patchstack...
CVE-2024-3645
CVE-2024-3645 affects the WordPress plugin Essential Addons for Elementor Pro (Counter widget). The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes (e.g., title_html_tag). Impact: authenticated attackers w...
CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress WP Staging Pro plugin < 5.4.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Wp Staging Pro versions 5.4.0...
CVE-2024-1279
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata...
CVE-2023-51540 WordPress Custom 404 Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0...
WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5cacf0b27060 Credits Francesco Carlucci...
CVE-2023-49830 WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)
Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1...
WordPress Plugin WP All Export Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...