WordPress Pods Plugin <= 2.4 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "id" parameter in the pods page to wp-admin/admin.php. Solution Update the plugin...
WordPress Random Banner Plugin <= 1.1.2.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "buffercodeRBannerurlbanner1" parameter in an update action to wp-admin/options.php. Solution Update the plugin...
WordPress Pay Per Media Player Plugin <= 1.24 - Multiple XSS
These vulnerabilities in payper/payper.php allow attackers to inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress <= 3.0.1 - BYPASS
wp-includes/capabilities.php does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action. Solution: Update WordPress...
WordPress <= 3.5.1 - External Entity Injection
This vulnerability allows attackers to read arbitrary files via an oEmbed XML provider response that contains an external entity declaration together with an entity reference. Solution: Update the plugin...
WordPress Nest Theme - SQL Injection
This WordPress Nest theme's "codigo" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the theme...
WordPress Uk Cookie plugin <= 1.0 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability discovered by nauty.me04 in WordPress Uk Cookie plugin versions <= 1.0. Solution: Update the WordPress Uk Cookie plugin to the latest available version, at least 1.1...
WordPress <= 3.4.1 - BYPASS
This vulnerability allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role together with the Atom Publishing Protocol feature. Solution: Update the plugin...
WordPress <= 3.3.1 - XSS #1
This vulnerability is in wp-comments-post.php. It allows attackers to conduct XSS attacks via unspecified vectors. Solution: Update WordPress...
WordPress Bonus Theme 1.0 - Cross Site Scripting
WordPress Bonus theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress <= 3.1.2 - SQL Injection
A vulnerability in wp-includes/taxonomy.php has unknown impact and attack vectors, possibly involving SQL injection. Solution: Update WordPress...
WordPress Forum Server Plugin 1.6.5 - SQL Injection
The WordPress Forum Server plugin is prone to SQL injection. This vulnerability exists because the "index.php" script fails to properly sanitize user-supplied input in the "searchmax" variable, and the "/wp-content/plugins/forum-server/feed.php" script fails to properly sanitize user-supplied inpu...
WordPress <= 3.0.4 - Multiple XSS
These vulnerabilities allow authenticated users to inject arbitrary web script or HTML. Solution: Update WordPress...
WordPress <= 2.6.9 - Open Redirection
This vulnerability in wp-admin/upgrade.php allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "backto" parameter. Solution: Update WordPress...
WordPress <= 2.6.1 - SQL Truncation Vulnerability #1
This vulnerability allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality. Solution: Update WordPress...
WordPress Classic Theme <= 1.5 - XSS
This vulnerability in index.php allows attackers to inject arbitrary web script or HTML via the PATH_INFO. Solution: Update the theme...
WordPress <= 2.1.2 - SQL Injection vulnerability
This vulnerability in xmlrpc allows authenticated users to execute arbitrary SQL commands. Solution: Update WordPress to the latest available version, at least 2.1.3...
WordPress <= 2.0 - Denial of Service Attacks
The wp_remote_fopen function allows attackers to cause a denial of service via pingback service calls. Solution: Update WordPress to the latest available version, at least 2.0.1...
WordPress <= 1.5.1.2 - SQL injection
This vulnerability in the XML-RPC server allows attackers to execute arbitrary SQL commands via unfiltered input in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. Solution: Update WordPress to the latest available version, at least 1.5.1.3...
WordPress <= 1.2 - Multiple Cross-Site Scripting (XSS) vulnerabilities
These vulnerabilities allow attackers to inject arbitrary web script or HTML. Solution: Update WordPress to the latest possible version...
WordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by ParkHyunWoo in WordPress Plugin SePay Gateway versions <= 1.1.20...
WordPress WP to LinkedIn Auto Publish plugin <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes (nico) in WordPress Plugin WP to LinkedIn Auto Publish versions <= 1.9.8...
WordPress Chartify plugin <= 3.5.9 - Missing Authentication for Administrative Function vulnerability
Missing Authentication for Administrative Function vulnerability discovered by WordFence in WordPress Plugin Chartify versions <= 3.5.9...
WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Bonds in WordPress Plugin Service Finder Booking versions <= 6.1...
WordPress NextGEN Gallery Plugin < 3.59.5 is vulnerable to Cross Site Scripting (XSS)
Software: NextGEN Gallery; Type: Plugin; Vulnerable versions: < 3.59.5; Fixed in: 3.59.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6393; Patch priority: Low; CVSS severity: Low (5.9); PSID: 0e6857ff3928; Credits: WPscan; Required privileg...
WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Arbitrary File Upload
Software: JobSearch; Type: Plugin; Vulnerable versions: <= 2.6.7; Fixed in: 2.6.8; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8614; Patch priority: High; CVSS severity: High (9.9); PSID: d16b486be3a5; Credits: Tonn; Required privilege: Subscriber; Published 5...
WordPress Forms for Mailchimp by Optin Cat Plugin <= 2.5.6 is vulnerable to Cross Site Scripting (XSS)
Software: Forms for Mailchimp by Optin Cat; Type: Plugin; Vulnerable versions: <= 2.5.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8870; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 95ff17d053e3; Credits: vgo...
WordPress Plugin Propagator Plugin <= 0.1 is vulnerable to Arbitrary File Upload
Software: Plugin Propagator; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-50495; Patch priority: High; CVSS severity: High (10); PSID: 8034c466a94c; Credits: stealthcopter; Required privilege...
WordPress Acnoo Flutter API Plugin <= 1.0.5 is vulnerable to Privilege Escalation
Software: Acnoo Flutter API; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-50486; Patch priority: High; CVSS severity: High (9.8); PSID: 69fb59b59cf8; Credits...
WordPress Bridge Core Plugin <= 3.3 is vulnerable to Broken Access Control
Software: Bridge Core; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: 3.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9860; Patch priority: Low; CVSS severity: Low (5.4); PSID: 06bde99f8c17; Credits: István Márton; Required privilege...
WordPress Hunk Companion Plugin <= 1.8.4 is vulnerable to Broken Access Control
Software: Hunk Companion; Type: Plugin; Vulnerable versions: <= 1.8.4; Fixed in: 1.8.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9707; Patch priority: High; CVSS severity: High (7.5); PSID: 20cecbb53904; Credits: Sean Murphy; Required privileg...
WordPress WP Hardening Plugin <= 1.2.6 is vulnerable to Bypass Vulnerability
Software: WP Hardening; Type: Plugin; Vulnerable versions: <= 1.2.6; Fixed in: 1.2.7; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-6641; Patch priority: Low; CVSS severity: Low (5.3); PSID: 5e3f8dc1dce6; Credits: Felipe Caon; Required privilege...
WordPress Watu Quiz Plugin < 3.4.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Watu Quiz; Type: Plugin; Vulnerable versions: < 3.4.1.2; Fixed in: 3.4.1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2640; Patch priority: Low; CVSS severity: Low (6.5); PSID: 617bfa58ba67; Credits: Eunho Kim; Required privilege...
WordPress Extra Theme <= 4.25.0 is vulnerable to Cross Site Scripting (XSS)
Software: Extra; Type: Theme; Vulnerable versions: <= 4.25.0; Fixed in: 4.25.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4490; Patch priority: Low; CVSS severity: Low (6.5); PSID: bcfad4f5bb49; Credits: Webbernaut; Required privilege...
WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content Plugin <= 7.0 is vulnerable to Sensitive Data Exposure
Software: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content; Type: Plugin; Vulnerable versions: <= 7.0; Fixed in: 7.1.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-7046; Patch priority: Low; CVSS severity: Low (7.5)...
WordPress Template Kit – Import Plugin <= 1.0.14 is vulnerable to Cross Site Scripting (XSS)
Software: Template Kit – Import; Type: Plugin; Vulnerable versions: <= 1.0.14; Fixed in: 1.0.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2334; Patch priority: Low; CVSS severity: Low (6.5); PSID: 3ba95df4bab0; Credits: Colin Xu; Require...
WordPress Astra Theme <= 4.6.8 is vulnerable to Cross Site Scripting (XSS)
Software: Astra; Type: Theme; Vulnerable versions: <= 4.6.8; Fixed in: 4.6.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2347; Patch priority: Low; CVSS severity: Low (6.5); PSID: bd6f62042937; Credits: stealthcopter; Required privilege: Contributor...
WordPress NotificationX Plugin <= 2.8.2 is vulnerable to SQL Injection
Software: NotificationX; Type: Plugin; Vulnerable versions: <= 2.8.2; Fixed in: 2.8.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-1698; Patch priority: High; CVSS severity: High (9.3); PSID: 7d9025b61012; Credits: Krzysztof Zając; Required privilege: Unauthenticated...
WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software: GPT3 AI Content Writer; Type: Plugin; Vulnerable versions: <= 1.8.12; Fixed in: 1.8.13; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-51528; Patch priority: Low; CVSS severity: Low (4.3); PSID: 803ba388c710; Credits: Brandon...
WordPress Export any WordPress data to XML/CSV Plugin < 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Export any WordPress data to XML/CSV; Type: Plugin; Vulnerable versions: < 1.4.1; Fixed in: 1.4.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5882; Patch priority: Low; CVSS severity: Low (9.6); PSID: 699f0018c204; Credits...
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to PHP Object Injection
Software: Master Slider Pro; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-47507; Patch priority: High; CVSS severity: High (7.1); PSID: 6df26bc223e4; Credits: Rafie Muhammad (Patchstack); Required...
WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload
Software: Icons Font Loader; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-5860; Patch priority: Low; CVSS severity: Low (7.2); PSID: e7c1b6cac566; Credits: Alex Thomas; Required privilege...
WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control
Software: RumbleTalk Live Group Chat; Type: Plugin; Vulnerable versions: <= 6.2.5; Fixed in: 6.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45828; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 142311804af3; Credits: Mika; Require...
WordPress JupiterX Core Plugin <= 3.3.5 is vulnerable to Arbitrary File Upload
Software: JupiterX Core; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.8; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-38388; Patch priority: High; CVSS severity: High (9); PSID: 8bc7c34302b7; Credits: Rafie Muhammad (Patchstack); Required privileg...
WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Pre-Orders; Type: Plugin; Vulnerable versions: <= 2.0.0; Fixed in: 2.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32793; Patch priority: Low; CVSS severity: Low (6.5); PSID: 835a4691203f; Credits: Rafie Muhammad...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.59; Fixed in: 1.3.60; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4700; Patch priority: Medium; CVSS severity: Medium (5.4); Developer: WProyal; PSID: 423004fa0a2f; Credits: Ramuel Gall; Required...
WordPress Community Events plugin <= 1.4.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep (sk4rl1ghT) in the WordPress Community Events plugin versions <= 1.4.8. Solution: Update the WordPress Community Events plugin to the latest available version, at least 1.4.9...
WordPress WP ULike plugin <= 4.6.4 - Race Condition vulnerability
Race Condition vulnerability leading to rating increase/decrease discovered by Nguy Minh Tuan (Patchstack Alliance) in the WordPress WP ULike plugin versions <= 4.6.3. Solution: No patched version is available. No reply from the vendor since August 24th, 2022...
WordPress miniOrange Two-Factor Authentication plugin <= 5.6.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Calvin Alkan in WordPress miniOrange Two-Factor Authentication plugin versions <= 5.6.1. Solution: Update the WordPress miniOrange's Google Authenticator plugin to the latest available version, at least 5.6.2...
WordPress Ezoic plugin <= 2.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera (Patchstack Alliance) in the WordPress Ezoic plugin versions <= 2.8.8. Solution: Update the WordPress Ezoic plugin to the latest available version, at least 2.8.9...