263334 matches found
CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...
CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...
CVE-2019-25734 Contact Form by WD 1.13.1 CSRF to Local File Inclusion
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...
CVE-2019-25734
The CVE-2019-25734 entry concerns the WordPress plugin Contact Form by WD version 1.13.1. It describes a combined cross-site request forgery and local file inclusion vulnerability that lets unauthenticated attackers include arbitrary files by exploiting unsanitized action parameters. Attacks targ...
CVE-2019-25734 Contact Form by WD 1.13.1 CSRF to Local File Inclusion
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...
CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...
EUVD-2019-20163
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...
CVE-2019-25727
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...
CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...
CVE-2019-25727
The CVE-2019-25727 entry describes an Arbitrary File Download vulnerability in WordPress Plugin ad manager wd 1.0.11. An unauthenticated attacker can target the edit.php endpoint by supplying export=export_csv and a malicious path parameter to read sensitive files accessible to the web server (e....
WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jakub Herman in WordPress Plugin FV Flowplayer Video Player versions 7.5.51.7212...
WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by ParkHyunWoo in WordPress Plugin RD Station versions = 5.6.0...
WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Welcart e-Commerce versions = 2.11.28...
WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by HaiND in WordPress Plugin GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites versions = 2.32.6...
WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin WPFunnels Pro versions = 2.9.4...
WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Contact Form 7 and Constant Contact versions = 1.1.6...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.8...
CVE-2026-49077 WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...
CVE-2026-49077
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...
CVE-2026-49077 WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...