572 matches found
WordPress Aiomatic plugin <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by khanhhnahk1 in WordPress Plugin Aiomatic versions = 2.5.0...
WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery SSRF Vulnerability discovered by domiee13 in WordPress Plugin WPThumb versions = 0.10...
WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update vulnerability
Incorrect Authorization to Authenticated Contributor+ Plugin Settings Update vulnerability discovered by Amin Beheshti in WordPress Plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage versions = 19.9.0...
WordPress Color Palette plugin <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via hex Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Color Palette versions = 4.3.2...
WordPress Telegram for WP plugin <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan in WordPress Plugin Telegram for WP versions = 1.6.1...
WordPress Aora Theme <= 1.3.9 is vulnerable to Local File Inclusion
Software Aora Type Theme Vulnerable versions = 1.3.9 Fixed in 1.3.10 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49260 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID c279fefa752d Credits Phat RiO - BlueRock Required privilege...
WordPress Zota Theme <= 1.3.8 is vulnerable to Local File Inclusion
Software Zota Type Theme Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49257 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 511b31ea918b Credits Phat RiO - BlueRock Required privilege...
WordPress ESV Bible Shortcode for WordPress plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin ESV Bible Shortcode for WordPress versions = 1.0.2...
WordPress WP Compress for MainWP plugin <= 6.30.32 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by HLog in WordPress Plugin WP Compress for MainWP versions = 6.30.32...
WordPress WP Time Slots Booking Form plugin <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Jang Jeong Ahn Jhanks in WordPress Plugin WP Time Slots Booking Form versions = 1.2.30...
WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions = 2.0.6...
WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Skalucy in WordPress Plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant versions = 4.1.1...
WordPress Number of Products per Page – Pagination Manager for WooCommerce plugin <= 2.4.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Number of Products per Page Pagination Manager for WooCommerce versions = 2.4.0...
WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Real Time Validation for Gravity Forms versions = 1.7.0...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability discovered by Robert DeVore in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.2...
WordPress MStore API plugin <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Posts Creation vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin MStore API versions = 4.17.5...
WordPress eMagicOne Store Manager for WooCommerce plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() vulnerability
Unauthenticated Arbitrary File Upload via setfile vulnerability discovered by Ryan Kozak in WordPress Plugin eMagicOne Store Manager versions = 1.2.5...
WordPress WP SMTP plugin <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email vulnerability
Unauthenticated Stored Cross-Site Scripting via Email vulnerability discovered by zer0gh0st in WordPress Plugin WP SMTP versions = 2.1.5...
WordPress Pagelayer plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Link vulnerability discovered by zer0gh0st in WordPress Plugin PageLayer versions = 2.0.0...
WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin ReDi Restaurant Reservation versions = 24.1209...