212 matches found
PT-2024-39646 · WordPress · Wp Builder
Name of the Vulnerable Software and Affected Versions: WP Builder plugin for WordPress versions up to, and including, 3.0.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
WordPress WPLMS Theme Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WPLMS Theme Privilege Escalation', 'Description' = %q The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated...
WordPress < 6.6.1
WordPress versions 6.6.1 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid204968; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/01/08"; scriptcveid"CVE-2024-31111", "CVE-2024-31210",...
PT-2024-37740 · Blubrry · Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry plugin for WordPress versions up to, and including, 11.9.10 Description: The issue is related to Reflected Cross-Site Scripting via the media url parameter due to insufficient input sanitization and...
PT-2024-37604 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to, and including, 5.8.9 Description: The issue is due to a lack of validation on user-supplied data in the 'pm upload image' AJAX action, allowing...
WordPress 4.3.x < 4.3.34 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...
WordPress 5.8.x < 5.8.10 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...
PT-2024-34349 · WordPress · Lottiefiles
Name of the Vulnerable Software and Affected Versions: LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress versions up to, and including, 1.10.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...
PT-2024-26791 · WordPress · Idonate
Name of the Vulnerable Software and Affected Versions: IDonate WordPress plugin versions 1.9.0 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...
CVE-2024-3807
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘portopageheadershortcodetype’, ‘slideshowtype’ and ‘postlayout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...
PT-2024-18353 · WordPress · Wpbakery
Name of the Vulnerable Software and Affected Versions: wpbakery plugin for WordPress versions up to, and including, 7.5 Description: The issue is related to Stored Cross-Site Scripting via the Custom Heading tag attribute due to insufficient input sanitization and output escaping. This allows...
PT-2024-18410 · WordPress · Masterstudy Lms
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthorized access to data due to a missing capability check on the search posts function. This makes it possible for authenticated...
WordPress Plugin WordPress File Upload 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-17945 · Woomotiv · Live Sales Notification For Woocommerce – Woomotiv
Name of the Vulnerable Software and Affected Versions: Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax cancel revie...
WordPress Plugin Related Posts for WordPress Security Breach
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-18005 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 Description: The issue is related to Stored Cross-Site Scripting via the icon align attribute of the Content Switcher widget due to insufficient input...
WordPress Plugin Booster for WooCommerce plugin for WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-18102 · WordPress · Wp Shortcodes Plugin
Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's su tooltip shortcode due to insufficient input sanitization...
WordPress 5.5.x < 5.5.14 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...
CVE-2023-6634 LearnPress <= 4.2.5.7 - Command Injection
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...