
15 matches found

GithubExploit
added 2025/10/17 12:54 p.m., 741 views

Exploit for Path Traversal in Elementor Website_Builder

CVE-2025-8081 - Elementor Arbitrary File Read Vulnerability !...

4.9 CVSS, 6.8 AI score, 0.00147 EPSS
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-12598

Malicious code in bioql PyPI...

5.5 CVSS, 5.4 AI score, 0.00457 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/05/22 10:2 a.m., 6 views

CVE-2019-17550

The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2sid parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logge...

6.1 CVSS, 6.3 AI score, 0.00332 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/04/26 9:5 a.m., 9 views

CVE-2025-3300

The WPMasterToolKit WPMTK – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on...

7.2 CVSS, 6.5 AI score, 0.00381 EPSS
Exploits: 0, References: 1

CVE
added 2025/02/28 8:23 a.m., 50 views

CVE-2024-13851

CVE-2024-13851 concerns the WordPress plugin Modal Portfolio. The vulnerability is a Stored Cross-Site Scripting (XSS) in versions up to 1.7.4.2, caused by insufficient input sanitization and output escaping. It requires an attacker with Administrator-level privileges to inject scripts that execu...

5.5 CVSS, 5.1 AI score, 0.00139 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/07/27 11:37 a.m., 25 views

CVE-2024-6520 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...

4.4 CVSS, 6 AI score, 0.00216 EPSS
Exploits: 0, References: 3

Cvelist
added 2024/07/27 11:13 a.m., 16 views

CVE-2024-6521 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dropdown fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

4.4 CVSS, 0.00216 EPSS
Exploits: 0, References: 3

OSV
added 2021/11/23 8:15 p.m., 12 views

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

8.8 CVSS, 6.8 AI score
Exploits: 0, References: 2

Cvelist
added 2021/11/23 7:16 p.m., 13 views

CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

8.7 AI score, 0.01678 EPSS
Exploits: 1, References: 2

OSV
added 2021/11/19 4:15 p.m., 0 views

CVE-2021-43409

The “WPO365 | LOGIN” WordPress plugin up to and including version 15.3 by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data...

6.1 CVSS, 5.8 AI score, 0.00587 EPSS
Exploits: 2, References: 2

Exploit DB
added 2021/05/24 12:0 a.m., 206 views

WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS) Date: 2021-05-10 Exploit Author: Bastijn Ouwendijk Vendor Homepage: https://reservationdiary.eu/ Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/ Version: 21.03...

6.1 CVSS, 6.3 AI score, 0.00344 EPSS
Exploits: 5

OSV
added 2021/04/12 2:15 p.m., 2 views

CVE-2021-24213

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...

6.1 CVSS, 6.4 AI score
Exploits: 0, References: 2

seebug.org
added 2017/03/06 12:0 a.m., 63 views

WordPress Plugin Mail Masta 1.0 - SQL Injection

Vulnerability information Vulnerability title: WordPress Plugin Mail Masta 1.0 - SQL Injection Plugin home page: https://wpcore.com/plugin/mail-masta Vulnerability type: SQL injection CVE : CVE-2017-6095, CVE-2017-6096, CVE-2017-6097, CVE-2017-6098 Vulnerability analysis The first injection...

7.5 CVSS, 8.1 AI score, 0.06929 EPSS
Exploits: 10

Packet Storm
added 2017/01/28 12:0 a.m., 35 views

WordPress FormBuilder 1.05 Cross Site Request Forgery

------------------------------------------------------------------------ Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification ------------------------------------------------------------------------ Burak Kelebek, July 2016...

7.4 AI score
Exploits: 0

WPVulnDB
added 2016/09/26 12:0 a.m., 9 views

W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Upload

When you're creating a support ticket in the plugin page, you can add one or more of your files from your computer. Then this file will be sent to the author to help him resolve the issue. When we look at the code, W3TC is doing that: / Attach other files / if !empty$FILES'files' $files =...

0.8 AI score
Exploits: 0, References: 1, Affected Software: 1