WordPress ZeroClipboard Plugin <= 1.0.7 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "id" parameter. Solution Update the plugin...

WordPress BackWPup Plugin <= 1.4.0 - Directory Traversal

because of this vulnerability, the attackers can read arbitrary files in the "wpabs parameter". Solution Update the plugin...

WordPress Kish Guest Posting Plugin <= 1.2 - Unrestricted File Upload

Because of this vulnerability in uploadify/scripts/uploadify.php, the attackers can execute arbitrary code by uploading a file with a double extension. After that they access it via a direct request to the file in the directory specified by the "folder" parameter. Solution Update the plugin...

WordPress Organizer Plugin 1.2.1 - Multiple Security Vulnerabilities

WordPress Organizer plugin is prone to a cross-site scripting, information disclosure and directory-traversal vulnerabilities. These vulnerabilities allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the browser, also, disclose sensitive...

WordPress WassUp Plugin <= 1.8.3.0 - XSS

Because of this vulnerability in wassup.php, the attackers can inject arbitrary web script or HTML via the User-Agent HTTP header. Solution Update the plugin...

WordPress <= 3.0.2 - BYPASS

Because of this vulnerability, authenticated users can bypass intended access restrictions, and publish, edit or delete posts. Solution Update WordPress...

WordPress The Erudite Theme <= XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "cpage" parameter. Solution Update the theme...

WordPress Symposium Plugin <= 11.12.07 - XSS

Because of this vulnerability in uploadify/getprofileavatar.php, the attackers can inject arbitrary web script or HTML via the "uid" parameter. Solution Update the plugin...

WordPress Spreadsheet Plugin <= 0.6 - SQL Injection

Because of this vulnerability in ssload.php, the attackers can execute arbitrary SQL commands via the "ssid"parameter. Solution Update the plugin...

WordPress Sniplets Plugin <= 1.2.2 - Eval Injection

Because of this vulnerability in modules/execute.php, the attackers can execute arbitrary PHP code via the "text" parameter. Solution Update the plugin...

WordPress WP Forum Server Plugin <= 1.7.4 - SQL Injection

Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "user" parameter in a showprofile action to the default URI. Solution Update the plugin...

WordPress <= 2.3.1 - SQL Injection

Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "s" parameter. Solution Update WordPress...

WordPress <= 2.0.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "useremail" parameter. Solution Update WordPress...

WordPress <= 2.2.1 - Multiple XSS

Because of these vulnerabilities, the authenticated administrators can inject arbitrary web script or HTML. Solution Update WordPress...

WordPress Automattic Stats Plugin <= 1.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the HTTP Referer field. Solution Update the plugin...

WordPress Admin Panel Plugin <= 2.1.1 - CSRF

Because of this vulnerability, the attackers can perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. Solution Update the WordPress Admin Panel plugin to the latest version at least 2.1.2...

WordPress <= 2.0.1 - Multiple XSS

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML via the name, website, and comment parameters. Solution Update the WordPress to the latest available version at least 2.0.2...

WordPress <=1.5 - SQL injection vulnerability

Because of this vulnerability in wp-trackback.php, attackers can execute arbitrary SQL commands via the "tbid" parameter. Solution Update this plugin...

WordPress WP FOFT Loader plugin <= 2.1.39 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Williwollo CybrX in WordPress Plugin WP FOFT Loader versions = 2.1.39...

WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Request a Quote versions = 2.5.3...

WordPress WP Job Portal plugin <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions = 2.4.0...

WordPress Blocksy Companion plugin <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via blocksynewslettersubscribe Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Blocksy Companion versions = 2.1.10...

WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by 63n0 in WordPress Plugin Videopack versions = 4.10.3...

WordPress Parsi Date Plugin <= 5.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Parsi Date Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11032 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID be0cd10da0f9 Credits vgo0 Required privileg...

WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2 is vulnerable to Broken Authentication

Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.43.2 Fixed in 6.44 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10542 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a624846c5f89...

WordPress Safe SVG Plugin < 2.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Safe SVG Type Plugin Vulnerable versions 2.2.6 Fixed in 2.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-8378 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6a85e49dfeba Credits Alexander Concha Required privilege Author...

WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.121 is vulnerable to Remote Code Execution (RCE)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.121 Fixed in 1.5.122 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-49271 Patch priority High CVSS severity High 9.1 Developer Unlimited Elements PSID...

WordPress Bridge Core Plugin <= 3.3 is vulnerable to Broken Access Control

Software Bridge Core Type Plugin Vulnerable versions = 3.3 Fixed in 3.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9860 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 06bde99f8c17 Credits István Márton Required privilege...

WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.228 Fixed in 1.0.229 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9161 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ca30124e345e Credits Leo Required privilege...

WordPress Livemesh Addons for Elementor Plugin <= 8.5 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.5 Fixed in 8.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47303 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6b692e93ddf5 Credits João Pedro S Alcântara...

WordPress Elementor Website Builder Plugin <= 3.23.4 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.23.4 Fixed in 3.24.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5416 Patch priority Low CVSS severity Low 6.5 Developer Elementor PSID 8f473cdb82fd Credits wesley wcraft...

WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload

Software Keydatas Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6220 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1095cb679b31 Credits Foxyyy Required privilege Unauthenticated...

WordPress Duplicator Plugin <= 1.5.9 is vulnerable to Full Path Disclosure (FPD)

Software Duplicator Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.10 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-6210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d4d879d29752 Credits stealthcopter Required...

WordPress Panda Video plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Panda Video versions = 1.4.0...

WordPress PayPlus Payment Gateway Plugin <= 6.6.8 is vulnerable to SQL Injection

Software PayPlus Payment Gateway Type Plugin Vulnerable versions = 6.6.8 Fixed in 6.6.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6205 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 47e962c92ffc Credits Project Black Required privilege...

WordPress ARMember Premium Plugin < 6.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ARMember Premium Type Plugin Vulnerable versions 6.7.1 Fixed in 6.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47424 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b77f7fcbe1ab Credits Cat Required privile...

WordPress Interactive Content – H5P Plugin < 1.15.8 is vulnerable to Cross Site Scripting (XSS)

Software Interactive Content – H5P Type Plugin Vulnerable versions 1.15.8 Fixed in 1.15.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b51ad18a9f74 Credits Dmitrii Ignaty...

WordPress Hash Form Plugin <= 1.1.0 is vulnerable to Remote Code Execution (RCE)

Software Hash Form Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-5084 Patch priority High CVSS severity High 10 Developer Claim ownership PSID da300dc670df Credits Francesco Carlucci Required privilege...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.14 is vulnerable to SQL Injection

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.14 Fixed in 5.7.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2876 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9b57a92f98bb Credits Arkadiusz Hydzik Required...

WordPress WP-Members Plugin <= 3.4.9.2 is vulnerable to Cross Site Scripting (XSS)

Software WP-Members Type Plugin Vulnerable versions = 3.4.9.2 Fixed in 3.4.9.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1852 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 145e334b433b Credits Webbernaut Required...

WordPress Carousel Anything For WPBakery Page Builder Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software Carousel Anything For WPBakery Page Builder Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30520 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a74a859c3da3 Credits resecured.io...

WordPress Elementor Addon Elements Plugin <= 1.12.12 is vulnerable to Local File Inclusion

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.12.12 Fixed in 1.13 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-1358 Patch priority Low CVSS severity Low 8.8 Developer WPVibes PSID 7c75b4731d57 Credits wesley wcraft Required privilege...

WordPress Enable Media Replace Plugin <= 4.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Enable Media Replace Type Plugin Vulnerable versions = 4.1.4 Fixed in 4.1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-6737 Patch priority Medium CVSS severity Medium 7.1 Developer ShortPixel PSID 6b527c26ad78 Credits Nex Team Required privilege...

WordPress Export any WordPress data to XML/CSV Plugin < 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Export any WordPress data to XML/CSV Type Plugin Vulnerable versions 1.4.1 Fixed in 1.4.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5882 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 699f0018c204 Credits...

WordPress Defender Security Plugin <= 4.2.0 is vulnerable to Bypass Vulnerability

Software Defender Security Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-47189 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID 9d721f7eb609 Credits Naveen Muthusamy Required...

WordPress History Log by click5 Plugin < 1.0.13 is vulnerable to SQL Injection

Software History Log by click5 Type Plugin Vulnerable versions 1.0.13 Fixed in 1.0.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5082 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a946699ae5c Credits Karolis Narvilas Required privilege...

WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Sensitive Data Exposure

Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5070 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 041c1c8cf3d2 Credits Marco...

WordPress EmbedPress Plugin <= 3.8.2 is vulnerable to Broken Access Control

Software EmbedPress Type Plugin Vulnerable versions = 3.8.2 Fixed in 3.8.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4282 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9300647917bb Credits Lana Codes Required privilege...

WordPress Stock Ticker Plugin <= 3.23.2 is vulnerable to Cross Site Scripting (XSS)

Software Stock Ticker Type Plugin Vulnerable versions = 3.23.2 Fixed in 3.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45365 Patch priority Medium CVSS severity Medium 7.1 Developer Aleksandar Urošević PSID b2f877d49771 Credits Aman Rawat...