263207 matches found
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by ParkHyunWoo in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.9.4...
WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Austin Ginder in WordPress Plugin WooCommerce Anti-Fraud versions = 7.2.6...
WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Dropshipping versions = 5.2.4...
WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Averon Averenkov in WordPress Plugin Knit Pay versions = 9.4.0.0...
WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Kent Apostol in WordPress Plugin WPZOOM Portfolio versions = 1.4.21...
WordPress Email Encoder Premium plugin < 0.3.12 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Encoder Premium versions 0.3.12...
WordPress Email Address Encoder plugin < 1.0.25 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Address Encoder versions 1.0.25...
CVE-2026-3011
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...
WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.9.1...
WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.9.1...
CVE-2026-3011
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...
CVE-2026-3011 Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes'
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...
EUVD-2026-35049
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...
CVE-2026-3011 Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes'
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...
CVE-2026-3011
CVE-2026-3011 - Recipe Card Blocks Lite (WordPress) Vulnerability: Stored Cross-Site Scripting in the Recipe Card Blocks Lite plugin for WordPress, affecting all versions up to 3.4.13. Affected component: WPZOOM Recipe Card Blocks Lite plugin for WordPress (block-based recipe card feature). Root ...
Exploit for CVE-2026-1555
██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ █████...
WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.9.1...
WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin wpDataTables versions = 7.3.6...
Exploit for Improper Authentication in Wordpress
CVE-2008-1930 Exploitation Documentation Guide Document In...
WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability
WordPress Masteriyo - LMS plugin = 2.2.0 - Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Masteriyo - LMS versions = 2.2.0...