140 matches found
Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
Popup4Phone WordPress plugin through 1.3.2 contains a reflected cross-site scripting caused by unsanitized parameters, letting unauthenticated users execute scripts in admin browsers, exploit requires sending crafted requests. id: CVE-2024-3231 info: name: Popup4Phone = 1.3.2 - Unauthenticated...
WordPress Integrator 1.32 - Cross-Site Scripting
A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...
Duplicate Page WordPress - Stored Cross-Site Scripting
Duplicate Page WordPress plugin = 4.4.2 contains a stored cross-site scripting caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts, exploit requires high privilege user role. id: CVE-2021-24681 info: name: Duplicate Page WordPress...
CVE-2026-6897
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...
CVE-2025-14370
The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...
PT-2025-47251
Name of the Vulnerable Software and Affected Versions Multiple Roles per User plugin for WordPress versions up to and including 1.0 Description The Multiple Roles per User plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing capability check within...
PT-2025-46275
Name of the Vulnerable Software and Affected Versions Private Google Calendars plugin for WordPress versions prior to 20250811 Description The Private Google Calendars plugin for WordPress is susceptible to unauthorized data modification. This is caused by a missing capability check on the pgc...
PT-2025-45171
Name of the Vulnerable Software and Affected Versions Easy Email Subscription plugin for WordPress versions up to and including 1.3 Description The Easy Email Subscription plugin for WordPress is susceptible to SQL Injection via the uid parameter. This is due to inadequate input sanitization and...
CVE-2025-12350
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpajaxnoprivdominokitoptionadminaction AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...
PT-2025-44588
Name of the Vulnerable Software and Affected Versions WordPress Zombify plugin versions up to and including 1.7.5 Description The Zombify plugin for WordPress is susceptible to a Path Traversal issue. This is caused by inadequate input validation within the zf get file by url function...
PT-2025-44286
Name of the Vulnerable Software and Affected Versions Jenkins Themis Plugin versions 1.4.1 and earlier Description A flaw exists in the Jenkins Themis Plugin where a missing permission check allows attackers possessing Overall/Read permission to establish a connection to a HTTP server specified b...
PT-2025-44299
Name of the Vulnerable Software and Affected Versions Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier Description A flaw exists where a missing permission check allows attackers possessing Overall/Read permission to establish a connection to a URL specified by the attacker, utilizing...
PT-2025-44292
Name of the Vulnerable Software and Affected Versions Jenkins OpenShift Pipeline Plugin versions 1.0.57 and earlier Description The Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted within config.xml files on the Jenkins controller. These files are accessible to users...
PT-2025-44281
Name of the Vulnerable Software and Affected Versions Jenkins MCP Server Plugin versions 0.84.v50ca 24ef83f2 and earlier Description The Jenkins MCP Server Plugin does not properly enforce permission checks in several MCP tools. This allows attackers to initiate builds and access sensitive job an...
PT-2025-44284
Name of the Vulnerable Software and Affected Versions Jenkins Eggplant Runner Plugin versions 0.0.1.301.v963cffe8ddb 8 and earlier Description The Jenkins Eggplant Runner Plugin versions 0.0.1.301.v963cffe8ddb 8 and earlier configures the Java system property jdk.http.auth.tunneling.disabledSchem...
PT-2025-44298
Name of the Vulnerable Software and Affected Versions Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier Description A cross-site request forgery CSRF flaw exists in the Jenkins Publish to Bitbucket Plugin. This issue allows attackers to connect to a URL specified by the attacker,...
PT-2025-43599
Name of the Vulnerable Software and Affected Versions VNPAY Payment gateway plugin for WordPress versions up to and including 1.0.0 Description The VNPAY Payment gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping...
PT-2025-43587
Name of the Vulnerable Software and Affected Versions RapidResult plugin for WordPress versions up to and including 1.2 Description The RapidResult plugin for WordPress is susceptible to SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL...
WordPress Classified Pro plugin Unauthorized Plugin Installation Vulnerability
WordPress Classified Pro plugin is a plugin for quickly creating a classified ad section on a WordPress website, supporting different scenarios of listings management such as automotive, second-hand trading, etc., and providing features such as searching, ad space configuration, and text...
EUVD-2013-2077
Malware in sbrugna...