10 matches found
WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin UpStream: a Project Management Plugin for WordPress versions = 2.1.1...
WordPress PowerPress Podcasting plugin <= 11.13.11 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery SSRF Vulnerability discovered by Anhchangmutrang in WordPress Plugin PowerPress Podcasting versions = 11.13.11...
WordPress Esselink.nu Settings plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Esselink.nu Settings versions = 3.6...
WordPress kk Youtube Video plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin kk Youtube Video versions = 0.2...
WordPress Premium Addons for Elementor plugin <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Asaf Mozes in WordPress Plugin Premium Addons for Elementor versions = 4.11.8...
WordPress StageShow plugin <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via anchor Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin StageShow versions = 10.0.3...
WordPress WordPress Ajax Load More and Infinite Scroll plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin WordPress Ajax Load More and Infinite Scroll versions = 1.6.0...
WordPress WPCHURCH plugin <= 2.7.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Phúc ton luoi in WordPress Plugin WPCHURCH versions = 2.7.0...
WordPress WordPress Comments Import & Export plugin <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Jorgson in WordPress Plugin Comments Import & Export versions = 2.4.3...
WordPress Mr. Murphy Theme < 1.2.12.1 is vulnerable to PHP Object Injection
Software Mr. Murphy Type Theme Vulnerable versions 1.2.12.1 Fixed in 1.2.12.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49072 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 743adbe763dd Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...