CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

CVE-2022-50953

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

CVE-2022-50953

The CVE concerns the WordPress plugin admin-word-count-column version 2.2 . A vulnerability allows unauthenticated local file read via crafted requests to download-csv.php, exploiting a null byte injection in the path parameter to bypass restrictions and read arbitrary files (e.g., system configu...

CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

EUVD-2021-34850

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

CVE-2021-47983 WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

CVE-2021-47984

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

CVE-2021-47984

The CVE-2021-47984 entry concerns the WordPress Plugin WP24 Domain Check 1.6.2, which has a stored XSS vulnerability in the fieldnameDomain parameter. Input submitted to the plugin settings form (options.php) can inject JavaScript that executes in the browsers of administrators viewing the settin...

EUVD-2021-34849

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

CVE-2021-47984 WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

CVE-2021-47982 WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

CVE-2021-47982

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

CVE-2021-47982

Summary: CVE-2021-47982 affects WordPress plugin WP-Paginate 2.1.3 with a stored XSS via the preset parameter. Authenticated attackers can submit payloads in the preset field through the plugin settings page; payloads are stored and later executed when administrators view the settings. The record...

SUSE CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

PT-2026-47275

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOM Helpers::deserialize block attributes' method converting unicode-encoded...

PT-2026-47232

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

PT-2026-47230

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

PT-2026-47231

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

PT-2026-47228

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...