46662 matches found
WordPress <= 3.1.2 - Multiple Unspecified Remote vulnerabilities
These vulnerabilities let attackers determine the usernames of non-authors via canonical redirects. Solution: update WordPress...
WordPress <= 2.8.2 - Multiple Vulnerabilities #1
These vulnerabilities let attackers make unauthorized edits or additions via a direct request to edit-category-form.php, edit-pages.php, edit-comments.php, edit-link-category-form.php, or edit.php. Solution: update WordPress...
WordPress Photoracer Plugin 1.0 - SQL Injection Vulnerability
A SQL injection vulnerability in viewimg.php (line 16) lets an attacker execute arbitrary SQL commands against the database via the 'imgid' parameter. Solution: update the plugin...
WordPress <= 2.6.1 - SQL Truncation Vulnerability #2
Attackers can change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, a "SQL column truncation" vulnerability: WordPress does not properly handle the MySQL warnings raised when an inserted username string exceeds the column width and is silently truncated to an existing name...
WordPress <= 2.2.2 - BYPASS
Attackers can bypass intended access restrictions for certain pages because wp-includes/vars.php does not properly extract the current path from PATH_INFO. Solution: update WordPress...
WordPress <= 2.5 - Cookie Integrity Protection Vulnerability
Attackers can forge cookies by registering a username that results in the same concatenated string, because the cookie authentication method relies on a hash of USERNAME and EXPIRY_TIME concatenated directly, so the boundary between the two fields is ambiguous. Solution: update WordPress to version 2.5.1...
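As an added illustration (example code written for this page, not WordPress's own cookie code), the following Python models the weakness this entry describes: a MAC over USERNAME and EXPIRY concatenated with nothing in between, so a cookie legitimately issued to a user the attacker registered (here "admin0") can be re-cut into one that names "admin". The secret key, the cookie layout and all function names are constructed for the example; the expiry is compared numerically, which is what lets the moved digit become a harmless leading zero.

```python
import hashlib
import hmac
from typing import Optional

# Constructed server secret for this example (not a real deployment's key).
SECRET_KEY = b"example-secret-key-for-illustration-only"


def _mac(message: str) -> str:
    return hmac.new(SECRET_KEY, message.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie_legacy(username: str, expiration: int) -> str:
    """Weak scheme: the MAC covers username and expiry concatenated with no boundary."""
    return f"{username}|{expiration}|{_mac(username + str(expiration))}"


def verify_cookie_legacy(cookie: str, now: int) -> Optional[str]:
    """Return the username the cookie authenticates, or None if invalid or expired."""
    username, expiration, mac = cookie.split("|", 2)
    if int(expiration) < now:          # numeric compare: "0190..." is as good as "190..."
        return None
    if not hmac.compare_digest(mac, _mac(username + expiration)):
        return None
    return username


def issue_cookie_fixed(username: str, expiration: int) -> str:
    """Fixed scheme: a separator that cannot occur in the username is part of the MAC'd
    string, so each (username, expiry) pair maps to exactly one MAC input."""
    return f"{username}|{expiration}|{_mac(f'{username}|{expiration}')}"


def verify_cookie_fixed(cookie: str, now: int) -> Optional[str]:
    username, expiration, mac = cookie.split("|", 2)
    if int(expiration) < now:
        return None
    if not hmac.compare_digest(mac, _mac(f"{username}|{expiration}")):
        return None
    return username


def forge_from_sibling(cookie: str, victim: str) -> str:
    """Attacker step: take a cookie issued for a name that extends the victim's (for
    example 'admin0' for 'admin'), move the surplus characters from the username field
    to the front of the expiry field, and keep the MAC. The legacy MAC input is unchanged."""
    username, expiration, mac = cookie.split("|", 2)
    if not (username.startswith(victim) and username != victim):
        raise ValueError("cookie username must extend the victim's name")
    surplus = username[len(victim):]
    return f"{victim}|{surplus}{expiration}|{mac}"
```

A separator only closes the gap if the field it delimits can never contain it (usernames here cannot contain "|"); where that cannot be guaranteed, length-prefix each field before hashing or MAC a structured encoding of the fields rather than a string join.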
WordPress <= 2.0.11 - XSS
Because of this vulnerability in wp-db-backup.php, attackers can inject arbitrary web script or HTML via the "backup" parameter in a wp-db-backup action to wp-admin/edit.php. Solution: update WordPress...
WordPress <= 2.1.2 RC2 - XSS
Because of this vulnerability in wp-admin/vars.php, authenticated users with theme privileges can inject arbitrary web script or HTML via PATH_INFO. Solution: update WordPress to the latest available version, at least 2.1.3...
WordPress <= 2.1.2 - Sensitive Directory Exposure
Attackers can obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the installation path in an error message. Solution: update WordPress to the latest available version, at least 2.1.3...
WordPress <= 2.1.1 - Multiple Vulnerabilities
Attackers can execute arbitrary commands via an eval injection vulnerability in the "ix" parameter of wp-includes/feed.php. The same release also contains a command-execution backdoor. Solution: update WordPress to the latest available version, at least 2.1.2...
WordPress <= 2.0.5 - SQL Injection
Attackers can bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets: escaping that is not aware of the connection's character set can leave a quote unescaped. Solution: update WordPress to the latest available version, at least 2.0.6...
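An added worked example (not WordPress code) of the mechanism behind this class of bypass: byte-oriented escaping in the style of PHP's addslashes() puts a backslash (0x5C) in front of a quote, but if the database connection reads the bytes as GBK, the pair 0xBF 0x5C forms one valid two-byte character and the quote that follows is left bare. The attacker input, the small literal scanner and the SQLite lookup are constructed for this illustration; Python's gbk codec stands in for the MySQL connection charset.

```python
import sqlite3
from typing import List, Tuple


def addslashes(raw: bytes) -> bytes:
    """Byte-oriented escaping in the style of PHP's addslashes(); it has no idea which
    character set the database will use to interpret the bytes."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C, 0x00):   # ' " \ and NUL
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def literal_closes_early(body: str) -> bool:
    """Scan the body of a single-quoted, backslash-escaped (MySQL-style) literal and
    report whether an unescaped quote terminates it before the intended end."""
    i = 0
    while i < len(body):
        if body[i] == "\\":
            i += 2                       # escaped character: skip both
            continue
        if body[i] == "'":
            return True
        i += 1
    return False


def escape_bytes_then_decode_gbk(raw: bytes) -> str:
    """Vulnerable order: escape the raw bytes, then let a GBK connection interpret them.
    0xBF 0x5C is a valid GBK character, so the inserted backslash is swallowed into it."""
    return addslashes(raw).decode("gbk", errors="replace")


def decode_gbk_then_escape(raw: bytes) -> str:
    """Safe order: interpret the bytes in the connection's charset first, then escape
    the resulting text, so the backslash really sits in front of the quote."""
    text = raw.decode("gbk", errors="replace")
    return text.replace("\\", "\\\\").replace("'", "\\'")


# Constructed attacker input: a lone GBK lead byte, a quote, and a tautology.
PAYLOAD = b"\xbf' OR 1=1 -- "


def parameterised_lookup(imgid: str) -> List[Tuple[str]]:
    """Placeholders pass the value as data, so the server's charset handling never gets
    a chance to reinterpret escaping. In-memory SQLite with constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE img (imgid TEXT, path TEXT)")
    con.executemany("INSERT INTO img VALUES (?, ?)", [("1", "a.jpg"), ("2", "b.jpg")])
    rows = con.execute("SELECT path FROM img WHERE imgid = ?", (imgid,)).fetchall()
    con.close()
    return rows
```

The charset-aware order is what escaping functions that know the connection's character set (mysql_real_escape_string and its successors) provide; parameterised queries remove the question altogether, which is why they are the preferred fix rather than a better escaper.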
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability
Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions <= 6.0.6...
NPM: Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE
OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE; vulnerability discovered by ? in the npm package better-auth, versions 1.6.2...
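An added example (not better-auth's code) of the check such a callback has to make when the expected state lives in a cookie on the client rather than in server-side storage: the state echoed back by the provider must match the cookie's copy before the authorization code is used, whether or not PKCE is also in play. Both sides of the exchange are sketched; the provider stub, the cookie layout and every name beyond the standard OAuth/PKCE parameters are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def begin_authorization(use_pkce: bool = True) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Client side, step 1: mint a state (and optionally a PKCE verifier) and return
    (authorize-request parameters, values to keep in the client's state cookie).
    The cookie is the only copy of the expected state, so the callback may act only
    after the provider echoes exactly that value back."""
    state = secrets.token_urlsafe(32)
    params = {"response_type": "code", "state": state}
    cookie = {"state": state}
    if use_pkce:
        verifier = secrets.token_urlsafe(64)           # 86 chars, within RFC 7636's 43..128
        challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
        params.update(code_challenge=challenge, code_challenge_method="S256")
        cookie["code_verifier"] = verifier
    return params, cookie


def handle_callback(cookie: Dict[str, str], query: Dict[str, str]) -> Dict[str, str]:
    """Client side, step 2: validate the redirect back from the provider. The state
    comparison is unconditional; it is not allowed to depend on PKCE being enabled."""
    expected, received = cookie.get("state", ""), query.get("state", "")
    if not expected or not received:
        raise PermissionError("missing state")
    if not hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8")):
        raise PermissionError("state mismatch")
    if "code" not in query:
        raise PermissionError("missing authorization code")
    result = {"code": query["code"]}
    if "code_verifier" in cookie:
        result["code_verifier"] = cookie["code_verifier"]
    return result


def callback_rejects(cookie: Dict[str, str], query: Dict[str, str]) -> bool:
    """True if handle_callback refuses the redirect."""
    try:
        handle_callback(cookie, query)
    except PermissionError:
        return True
    return False


# Provider side (stub): remembers the challenge bound to each issued code.
def provider_issue_code(store: Dict[str, str], params: Dict[str, str]) -> str:
    code = secrets.token_urlsafe(16)
    store[code] = params.get("code_challenge", "")
    return code


def provider_exchange(store: Dict[str, str], code: str, verifier: str = "") -> bool:
    """Accept the token request only if the code is live and, when a challenge was
    bound to it, the verifier hashes to that challenge. Codes are single-use."""
    challenge = store.get(code)
    if challenge is None:
        return False
    if challenge and _b64url(hashlib.sha256(verifier.encode("ascii")).digest()) != challenge:
        return False
    del store[code]
    return True
```

PKCE and state defend against different things: the verifier binds the token exchange to the client instance that started the flow, while the state check binds the callback to the browser session that started it. Dropping the state comparison because PKCE is absent leaves the callback willing to complete a flow the session never began.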
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication
Software: Spam protection, AntiSpam, FireWall by CleanTalk | Type: Plugin | Vulnerable versions: <= 6.44 | Fixed in: 6.45 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Authentication | CVE: CVE-2024-10781 | Patch priority: High | CVSS severity: High (8.1) | Developer: (unclaimed) | PSID: 0bd21f35fe5e...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2 is vulnerable to Broken Authentication
Software: Spam protection, AntiSpam, FireWall by CleanTalk | Type: Plugin | Vulnerable versions: <= 6.43.2 | Fixed in: 6.44 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Authentication | CVE: CVE-2024-10542 | Patch priority: High | CVSS severity: High (9.8) | Developer: (unclaimed) | PSID: a624846c5f89...
WordPress CM Pop-Up banners Plugin 1.7.5 is vulnerable to Cross Site Scripting (XSS)
Software: CM Pop-Up banners | Type: Plugin | Vulnerable versions: 1.7.5 | Fixed in: 1.7.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-11202 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: (unclaimed) | PSID: f58e5244f29c | Credits: Peter Thaleikis...
WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.21 is vulnerable to Arbitrary File Upload
Software: Backup and Staging by WP Time Capsule | Type: Plugin | Vulnerable versions: <= 1.22.21 | Fixed in: 1.22.22 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-8856 | Patch priority: High | CVSS severity: High (10) | Developer: (unclaimed) | PSID: 3a293a6ce154 | Credits: Rein Daelman...
WordPress Automation By Autonami Plugin < 3.3.0 is vulnerable to SQL Injection
Software: Automation By Autonami | Type: Plugin | Vulnerable versions: < 3.3.0 | Fixed in: 3.3.0 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-9186 | Patch priority: High | CVSS severity: High (9.3) | Developer: (unclaimed) | PSID: 0bc9c96e6168 | Credits: y4ng0615 | Required privilege: Unauthenticated...
WordPress Form Maker by 10Web Plugin <= 1.15.30 is vulnerable to Cross Site Scripting (XSS)
Software: Form Maker by 10Web | Type: Plugin | Vulnerable versions: <= 1.15.30 | Fixed in: 1.15.31 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-10265 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: (unclaimed) | PSID: 0450360afe6c | Credits: vgo0...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor – Header, Footer & Blocks Template | Type: Plugin | Vulnerable versions: <= 1.6.45 | Fixed in: 1.6.46 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-10325 | Patch priority: Low | CVSS severity: Low (5.9) | Developer: (unclaimed) | PSID: 3bcf490aa26b...
WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Arbitrary File Upload
Software: JobSearch | Type: Plugin | Vulnerable versions: <= 2.6.7 | Fixed in: 2.6.8 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-8615 | Patch priority: High | CVSS severity: High (10) | Developer: (unclaimed) | PSID: 46ee6cd9f962 | Credits: Tonn | Required privilege: Unauthenticated | Publish...
WordPress BetterLinks Plugin <= 2.1.7 is vulnerable to SQL Injection
Software: BetterLinks | Type: Plugin | Vulnerable versions: <= 2.1.7 | Fixed in: 2.1.8 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-51672 | Patch priority: Low | CVSS severity: Low (7.6) | Developer: (unclaimed) | PSID: 159a4550c364 | Credits: Marek Mikita | Required privilege: Administrator | Publish...
WordPress Property Lot Management System Plugin <= 4.2.38 is vulnerable to Arbitrary File Upload
Software: Property Lot Management System | Type: Plugin | Vulnerable versions: <= 4.2.38 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-49331 | Patch priority: Medium | CVSS severity: Medium (9.9) | Developer: (unclaimed) | PSID: 5524e01a8194 | Credits: CTRL Chance | Required...
WordPress ACF Images Search And Insert Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload
Software: ACF Images Search And Insert | Type: Plugin | Vulnerable versions: <= 1.1.4 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-48035 | Patch priority: Medium | CVSS severity: Medium (9.9) | Developer: (unclaimed) | PSID: a12f4662ed6d | Credits: stealthcopter | Required...
WordPress Themify Builder Plugin <= 7.6.2 is vulnerable to Cross Site Scripting (XSS)
Software: Themify Builder | Type: Plugin | Vulnerable versions: <= 7.6.2 | Fixed in: 7.6.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-9385 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: (unclaimed) | PSID: 2ab445f01cba | Credits: Colin Xu | Required...
WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control
Software: Rank Math SEO | Type: Plugin | Vulnerable versions: <= 1.0.228 | Fixed in: 1.0.229 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-9161 | Patch priority: Medium | CVSS severity: Medium (6.5) | Developer: (unclaimed) | PSID: ca30124e345e | Credits: Leo | Required privilege...
WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Addon Elements | Type: Plugin | Vulnerable versions: <= 1.13.6 | Fixed in: 1.13.7 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-47366 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: WPVibes | PSID: e5b93a793554 | Credits: João Pedro S Alcântara Kinorth...
WordPress Livemesh Addons for Elementor Plugin <= 8.5 is vulnerable to Cross Site Scripting (XSS)
Software: Livemesh Addons for Elementor | Type: Plugin | Vulnerable versions: <= 8.5 | Fixed in: 8.5.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-47303 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: (unclaimed) | PSID: 6b692e93ddf5 | Credits: João Pedro S Alcântara...
WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Broken Access Control
Software: Uncanny Groups for LearnDash | Type: Plugin | Vulnerable versions: <= 6.1.0.1 | Fixed in: 6.1.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-8350 | Patch priority: Low | CVSS severity: Low (2.7) | Developer: (unclaimed) | PSID: d89e217025ab | Credits: Karl Emil Nikka...
WordPress LiteSpeed Cache Plugin < 6.5.0.1 is vulnerable to Broken Authentication
Software: LiteSpeed Cache | Type: Plugin | Vulnerable versions: < 6.5.0.1 | Fixed in: 6.5.0.1 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Broken Authentication | CVE: CVE-2024-44000 | Patch priority: High | CVSS severity: High (9.8) | Developer: Hai Zheng / Lite Speed Cache | PSID: 8f939cc0b306...
WordPress CoBlocks Plugin < 3.1.13 is vulnerable to Cross Site Scripting (XSS)
Software: CoBlocks | Type: Plugin | Vulnerable versions: < 3.1.13 | Fixed in: 3.1.13 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-7132 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: (unclaimed) | PSID: 2ec557475360 | Credits: Dmitrii Ignatyev | Required...
WordPress WBW Product Table PRO Plugin <= 1.9.4 is vulnerable to SQL Injection
Software: WBW Product Table PRO | Type: Plugin | Vulnerable versions: <= 1.9.4 | Fixed in: 1.9.5 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-43918 | Patch priority: High | CVSS severity: High (10) | Developer: (unclaimed) | PSID: 2c9d3f09a102 | Credits: Dave Jong (Patchstack) | Required privilege...
WordPress Elements kit Elementor addons Plugin <= 3.2.0 is vulnerable to Sensitive Data Exposure
Software: Elements kit Elementor addons | Type: Plugin | Vulnerable versions: <= 3.2.0 | Fixed in: 3.2.1 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-6455 | Patch priority: Low | CVSS severity: Low (5.3) | Developer: Wpmet | PSID: b000113e05e5 | Credits: stealthcopter | Required...
WordPress e2pdf Plugin <= 1.24.00 is vulnerable to Cross Site Scripting (XSS)
Software: e2pdf | Type: Plugin | Vulnerable versions: <= 1.24.00 | Fixed in: 1.25.01 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4367 | Patch priority: Low | CVSS severity: Low (4) | Developer: E2Pdf.com | PSID: cc24959a7a9a | Credits: Yudistira Arya | Required privilege: Author | Published 27...
WordPress Woody ad snippets Plugin <= 2.5.0 is vulnerable to Remote Code Execution (RCE)
Software: Woody ad snippets | Type: Plugin | Vulnerable versions: <= 2.5.0 | Fixed in: 2.5.1 | OWASP Top 10: A3: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-3105 | Patch priority: Medium | CVSS severity: Medium (9.9) | Developer: (unclaimed) | PSID: dce238499b1e | Credits: Webbernaut | Required privilege...
WordPress Album Gallery – WordPress Gallery Plugin <= 1.5.7 is vulnerable to Broken Access Control
Software: Album Gallery – WordPress Gallery | Type: Plugin | Vulnerable versions: <= 1.5.7 | Fixed in: 1.5.8 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-35720 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: (unclaimed) | PSID: 2435eb9447f2 | Credits: Steven Juli...
WordPress FluentForm Plugin <= 5.1.16 is vulnerable to Privilege Escalation
Software: FluentForm | Type: Plugin | Vulnerable versions: <= 5.1.16 | Fixed in: 5.1.17 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2024-2771 | Patch priority: High | CVSS severity: High (9.8) | Developer: (unclaimed) | PSID: d5d5aedf6c4b | Credits: Tobias...
WordPress Yoast SEO Plugin <= 22.5 is vulnerable to Cross Site Scripting (XSS)
Software: Yoast SEO | Type: Plugin | Vulnerable versions: <= 22.5 | Fixed in: 22.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4041 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: (unclaimed) | PSID: 1ed891028ded | Credits: Bassem Essam | Required...
WordPress CodeBard's Patron Button and Widgets for Patreon plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh (Patchstack Alliance) in WordPress Plugin CodeBard's Patron Button and Widgets for Patreon versions <= 2.2.0...
WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Realtyna Organic IDX plugin versions <= 4.14.4...
WordPress Print Invoice & Delivery Notes for WooCommerce Plugin <= 4.8.1 is vulnerable to Broken Access Control
Software: Print Invoice & Delivery Notes for WooCommerce | Type: Plugin | Vulnerable versions: <= 4.8.1 | Fixed in: 4.9.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-4233 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: (unclaimed) | PSID: 78b1e6c0b7b8 | Credits...
WordPress Max Addons Pro for Bricks Plugin <= 1.6.1 is vulnerable to Settings Change
Software: Max Addons Pro for Bricks | Type: Plugin | Vulnerable versions: <= 1.6.1 | Fixed in: 1.6.2 | OWASP Top 10: A1: Broken Access Control | Classification: Settings Change | CVE: CVE-2024-32951 | Patch priority: Medium | CVSS severity: Medium (6.5) | Developer: (unclaimed) | PSID: 446d765fd496 | Credits: Dave Jong Patchstac...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.14 is vulnerable to SQL Injection
Software: Email Subscribers & Newsletters | Type: Plugin | Vulnerable versions: <= 5.7.14 | Fixed in: 5.7.15 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-2876 | Patch priority: High | CVSS severity: High (9.3) | Developer: (unclaimed) | PSID: 9b57a92f98bb | Credits: Arkadiusz Hydzik | Required...
WordPress WPBakery Page Builder Plugin <= 7.5 is vulnerable to Cross Site Scripting (XSS)
Software: WPBakery Page Builder | Type: Plugin | Vulnerable versions: <= 7.5 | Fixed in: 7.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1840 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: WPBakery | PSID: 519a2ab9e5cd | Credits: Nikolas | Required privilege...
WordPress WP SMS Plugin <= 6.6.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP SMS | Type: Plugin | Vulnerable versions: <= 6.6.2 | Fixed in: 6.6.3 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-30454 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: (unclaimed) | PSID: d4f7f075b7f4 | Credits: Peng Zhou | Required privilege...
WordPress Smart Manager Plugin < 8.28.0 is vulnerable to SQL Injection
Software: Smart Manager | Type: Plugin | Vulnerable versions: < 8.28.0 | Fixed in: 8.28.0 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-0566 | Patch priority: Low | CVSS severity: Low (7.6) | Developer: (unclaimed) | PSID: c1d0448fde12 | Credits: Ivan Spiridonov | Required privilege: Administrator...
WordPress Elementor Website Builder Plugin <= 3.18.3 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Website Builder | Type: Plugin | Vulnerable versions: <= 3.18.3 | Fixed in: 3.19.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-0506 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Elementor | PSID: cf3633af9a1c | Credits: wesley wcraft...
WordPress Enable Media Replace Plugin <= 4.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Enable Media Replace | Type: Plugin | Vulnerable versions: <= 4.1.4 | Fixed in: 4.1.5 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-6737 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: ShortPixel | PSID: 6b527c26ad78 | Credits: Nex Team | Required privilege...
WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Button Generator – easily Button Builder | Type: Plugin | Vulnerable versions: <= 2.3.8 | Fixed in: 2.3.9 | OWASP Top 10: A5: Security Misconfiguration | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-49155 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: (unclaimed) | PSID: f69c6cdb268...
WordPress Amazonify Plugin <= 0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Amazonify | Type: Plugin | Vulnerable versions: <= 0.8.1 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-5818 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: (unclaimed) | PSID: a36688b74e5b | Credits: Ala Arfaoui | Required privile...