83594 matches found
WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions = 1.3.4.3...
WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Forget About Shortcode Buttons versions = 2.1.3...
WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Live Copy Paste for Elementor versions = 1.5.3...
WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin GravityView versions = 3.0.0...
WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Bopo – WooCommerce Product Bundle Builder versions = 1.1.6...
WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Shoppable Images Lite versions = 1.3...
WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by lagi bljr in WordPress Plugin MasterStudy LMS versions = 3.7.30...
WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.1...
CVE-2026-57620 WordPress Exclusive Addons Elementor plugin <= 2.7.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8...
CVE-2026-57620
CVE-2026-57620 affects the WordPress plugin Exclusive Addons for Elementor (Tim Strifler) up to version 2.7.9.8. The issue is a Stored XSS caused by improper neutralization of input during web page generation. The vulnerability affects Exclusive Addons Elementor; no explicit exploit details or re...
WordPress Exclusive Addons Elementor plugin <= 2.7.9.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Exclusive Addons Elementor versions = 2.7.9.8...
CVE-2026-1869
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...
CVE-2026-1869 User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...
CVE-2026-1869
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...
EUVD-2026-39639
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...
CVE-2026-1869
CVE-2026-1869 concerns the WordPress plugin “User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder.” The vulnerability is caused by missing validation checks in the confirm_payment() function across all...
CVE-2026-10823
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...
CVE-2026-8380
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...
CVE-2025-10268
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...
EUVD-2025-210347
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...