6450 matches found
CVE-2016-10964
The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header...
Sql injection
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter...
Cross site scripting
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS...
CVE-2015-9346
The cp-polls plugin before 1.0.5 for WordPress has XSS...
CVE-2018-20987
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection...
CVE-2014-10378
The duplicate-post plugin before 2.6 for WordPress has XSS...
CVE-2017-18561
The embed-comment-images plugin before 0.6 for WordPress has XSS...
CVE-2016-10901
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...
CVE-2016-10896
The seo-redirection plugin before 4.3 for WordPress has stored XSS...
CVE-2017-18533
The rimons-twitter-widget plugin before 1.3 for WordPress has XSS...
Cross site request forgery (csrf)
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF...
CVE-2018-20972
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...
CVE-2017-18512
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF...
Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called "Plugin Vulnerabilities "—that recently gone...
CVE-2018-17586
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules0content parameter in a wpfcsavetimeoutpages action...
CVE-2019-9575
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlwquizresults quizid XSS...
WordPress Wichipi Events Calendar Plugin SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Wachipi WP Events Calendar plugin is used in one of the task calendar plugin. A SQL injection vulnerability exists...
WordPress Easy2Map plugin path traversal vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL server set up a personal blog site. easy2Map is one of the support to create a customized Google Maps plugin. A path traversal vulnerability exists in...
WordPress Contact Form Manager CSRF / XSS
------------------------------------------------------------------------ Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin ------------------------------------------------------------------------ Edwin Molenaar, July 2016...
Post Indexer <= 3.0.6.1 - PHP Object Injection via MitM
The post-indexer WordPress plugin was affected by a PHP Object Injection via MitM security vulnerability...