63 matches found
CVE-2024-9195 WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...
CVE-2024-13653
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...
CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update
The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...
CVE-2024-11725
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings function in all versions up to, and including, 3.7.6. This makes it...
CVE-2024-11936
CVE-2024-11936 (Zox News, WordPress) : The Zox News theme (versions
WordPress Site Launcher Plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Site Launcher versions = 0.9.4...
CVE-2025-22576 WordPress Site PIN Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus Downing Site PIN site-pin allows Reflected XSS.This issue affects Site PIN: from n/a through = 1.3...
CVE-2025-22576
CVE-2025-22576 is a Reflected XSS in the WordPress plugin/site "Site PIN" (by Marcus Downing), affecting version up to 1.3. The issue stems from improper input neutralization during web page generation. As per the provided sources, the CVE-ID and vulnerability type are confirmed, with a CVSSv3.1 ...
CVE-2024-11725
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings function in all versions up to, and including, 3.7.6. This makes it...
CVE-2024-11725 SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings function in all versions up to, and including, 3.7.6. This makes it...
PT-2024-12732 · Unknown · Instant Css
Name of the Vulnerable Software and Affected Versions: Instant CSS versions 1.1.4 and earlier Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. This is a broken access control issue that can be exploited by...
CVE-2024-38344
A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintende...
CVE-2024-38345
CVE-2024-38345 describes a cross-site request forgery (CSRF) in Sola Testimonials for WordPress prior to 3.0.0. The vulnerability could allow a logged-in user on a WordPress site with the affected plugin enabled to access a malicious page and perform unintended actions. The CVSS vector (AV:N/AC:L...
CVE-2024-38344
A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintende...
CVE-2024-35642 WordPress Site Favicon plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2...
WordPress Site Favicon Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software Site Favicon Type Plugin Vulnerable versions = 0.2 Fixed in 0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35642 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 793a8085c766 Credits Cronus Required privilege Administrator...
WordPress Site Reviews plugin < 7.0.0 - IP Spoofing vulnerability
IP Spoofing vulnerability discovered by Sławomir Zakrzewski, Maksymilian Kubiak AFINE in WordPress Plugin Site Reviews versions 7.0.0...
CVE-2024-3333
The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-29095 WordPress Site Reviews plugin <= 6.11.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gemini Labs Site Reviews site-reviews.This issue affects Site Reviews: from n/a through = 6.11.6...
WordPress Site Reviews Plugin <= 6.11.6 is vulnerable to Cross Site Scripting (XSS)
Software Site Reviews Type Plugin Vulnerable versions = 6.11.6 Fixed in 6.11.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29095 Patch priority Low CVSS severity Low 5.9 Developer Gemini Labs PSID ea55e6cb50a9 Credits isacaya Required privilege Author Published...