36 matches found
PT-2025-12883 · WordPress · Product Import Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows authenticated attackers with Administrator-level access and above to make web...
CVE-2024-3495
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2024-13409
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the posttypeajaxhandler function. This makes it possible for...
CVE-2024-11972
creationtimestamp| type| source ---|---|--- 2024-12-12 08:18:00+00:00| seen| https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html 2024-12-12 10:21:49+00:00| exploited| https://t.me/thehackernews/6031 2024-12-12 14:52:32+00:00| published-proof-of-concept|...
CVE-2024-11417 dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djoeinstellungenmenue function. This makes it possible for unauthenticated attackers to...
CVE-2024-9694 CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11034 Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form
The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via firecontactform AJAX action in all versions up to, and including, 1.4. This is due to the software...
CVE-2024-3215 Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmproupdatelevelgrouporder function. Th...
CVE-2023-5340
The CVE-2023-5340 affects the Five Star Restaurant Menu and Food Ordering WordPress plugin prior to version 2.4.11. The issue is unauthenticated deserialization via an AJAX action, enabling PHP Object Injection when a suitable gadget is present on the blog. Remediation: upgrade to version 2.4.11 ...
CVE-2022-47162 WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin = 36 versions...
WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Image and Video Lightbox, Image PopUp Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24004 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4d9c16d4d9c1 Credits...
CVE-2022-37787
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...
CVE-2022-33943 WordPress BxSlider WP plugin <= 2.0.0 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated contributor or higher user role Cross-Site Scripting XSS vulnerability in Nico Amarilla's BxSlider WP plugin = 2.0.0 at WordPress...
WordPress events-manager plugin cross-site scripting vulnerability (CNVD-2019-30594)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
WordPress REST API Plugin Content Injection Vulnerability
WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A content injection vulnerability exists in the WordPress REST API plugin. A remote attacker can exploit the vulnerability to elevate privileges or perform content injectio...
e107 Plugin alternate_profiles (id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications =============================================================== e107 Plugin alternateprofiles id SQL Injection Vulnerability =============================================================== e107 Plugin alternateprofiles newuser.php?id Remot...