45958 matches found
WordPress <=1.5 - SQL injection vulnerability
Because of this vulnerability, attackers can obtain sensitive information. Solution: Update WordPress to the latest possible version...
WordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by ParkHyunWoo in WordPress Plugin SePay Gateway versions <= 1.1.20...
WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Brookside versions <= 1.4...
WordPress Doctreat theme <= 1.6.7 - Content Injection vulnerability
Content Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Doctreat versions <= 1.6.7...
WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability
WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Universal Video Player - Addon for WPBakery Page Builder versions <= 3.2.1...
WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Elementor Website Builder versions <= 3.29.0...
WordPress Motors Theme <= 5.6.67 is vulnerable to Privilege Escalation
Software Motors Type Theme Vulnerable versions <= 5.6.67 Fixed in 5.6.68 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2025-4322 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f2c68f043bd9 Credits Foxyyy Required...
WordPress HTML Forms plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin HTML Forms versions <= 1.5.2...
WordPress User Registration & Membership Pro plugin < 5.1.3 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin User Registration & Membership Pro versions < 5.1.3...
WordPress Attesa Extra Plugin <= 1.4.2 is vulnerable to Broken Access Control
Software Attesa Extra Type Plugin Vulnerable versions <= 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10688 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5de7d31066fa Credits Francesco...
WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Sensitive Data Exposure
Software Jeg Elementor Kit Type Plugin Vulnerable versions <= 2.6.9 Fixed in 2.6.10 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8899 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a83345ae77b9 Credits Ankit Patel Required...
WordPress YaDisk Files Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software YaDisk Files Type Plugin Vulnerable versions <= 1.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-10710 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 827a3585508c Credits WPscan Required privilege...
WordPress WP Mailster Plugin <= 1.8.16.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Mailster Type Plugin Vulnerable versions <= 1.8.16.0 Fixed in 1.8.17.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-53737 Patch priority Low CVSS severity Low 6.5 Developer WP Mailster PSID 83aa8c3ff329 Credits Lam Que Chi Required privilege Contribut...
WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to SQL Injection
Software Tutor LMS Type Plugin Vulnerable versions <= 2.7.6 Fixed in 2.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10400 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d0515de5a39b Credits mikemyers Required privilege Unauthenticated Publishe...
WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software EleForms Type Plugin Vulnerable versions <= 2.9.9.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-6628 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5925dd673838 Credits Lucio Sá Required privilege...
WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Charitable Type Plugin Vulnerable versions <= 1.8.3 Fixed in 1.8.3.1 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-10876 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2a28f1e125bc Credits Peter Thaleikis...
WordPress codeSnips Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software codeSnips Type Plugin Vulnerable versions <= 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-51808 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b3a7768e4e50 Credits SOPROBRO Required privilege Contributor Publishe...
WordPress MapPress Maps for WordPress Plugin <= 2.94.1 is vulnerable to Cross Site Scripting (XSS)
Software MapPress Maps for WordPress Type Plugin Vulnerable versions <= 2.94.1 Fixed in 2.94.2 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-10715 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e896b2089ac1 Credits Akbar...
WordPress BetterLinks Plugin <= 2.1.7 is vulnerable to SQL Injection
Software BetterLinks Type Plugin Vulnerable versions <= 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51672 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 159a4550c364 Credits Marek Mikita Required privilege Administrator Publish...
WordPress Show Visitor IP Address Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software Show Visitor IP Address Type Plugin Vulnerable versions <= 0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-50538 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 14c2541462c0 Credits SOPROBRO Required privilege...
WordPress RSVP ME Plugin <= 1.9.9 is vulnerable to SQL Injection
Software RSVP ME Type Plugin Vulnerable versions <= 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-50544 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 1e22cf9c262a Credits LVT-tholv2k Required privilege Contributor Published 31...
WordPress Wp Social Plugin <= 3.0.7 is vulnerable to Broken Authentication
Software Wp Social Type Plugin Vulnerable versions <= 3.0.7 Fixed in 3.0.8 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-9501 Patch priority High CVSS severity High 9.8 Developer Wpmet PSID 239b8bacd5e7 Credits wesley wcraft Required privilege...
WordPress Rescue Shortcodes Plugin <= 2.8 is vulnerable to Cross Site Scripting (XSS)
Software Rescue Shortcodes Type Plugin Vulnerable versions <= 2.8 Fixed in 2.9 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-9696 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 55990669c666 Credits Peter Thaleikis Required...
WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Addon Elements Type Plugin Vulnerable versions <= 1.13.6 Fixed in 1.13.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-47366 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID e5b93a793554 Credits João Pedro S Alcântara Kinorth...
WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Broken Access Control
Software GiveWP Type Plugin Vulnerable versions <= 3.13.0 Fixed in 3.14.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5939 Patch priority Low CVSS severity Low 5.3 Developer Liquid Web / StellarWP PSID 8ee538f964d1 Credits villu164 Required privilege...
WordPress WP Fundraising Donation and Crowdfunding Platform Plugin <= 1.7.0 is vulnerable to Privilege Escalation
Software WP Fundraising Donation and Crowdfunding Platform Type Plugin Vulnerable versions <= 1.7.0 Fixed in 1.7.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-6698 Patch priority High CVSS severity High 8.8 Developer Claim ownership...
WordPress Profile Builder Plugin < 3.11.8 is vulnerable to Broken Access Control
Software Profile Builder Type Plugin Vulnerable versions < 3.11.8 Fixed in 3.11.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6366 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 351dbb0efb2f Credits Michel Prunet Required privile...
WordPress JSON API User Plugin <= 3.9.3 is vulnerable to Privilege Escalation
Software JSON API User Type Plugin Vulnerable versions <= 3.9.3 Fixed in 3.9.4 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-6624 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c77720f52f77 Credits Thanh Nam Tran Required privile...
WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection
Software WP Hotel Booking Type Plugin Vulnerable versions <= 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3605 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 4c5ededd8a8e Credits Krzysztof Zając Required privilege...
WordPress RestroPress Plugin <= 3.1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software RestroPress Type Plugin Vulnerable versions <= 3.1.2.1 Fixed in 3.1.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-35719 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4f811f4d1bd1 Credits LVT-tholv2k Required privilege...
WordPress BuddyForms Plugin <= 2.8.9 is vulnerable to Bypass Vulnerability
Software BuddyForms Type Plugin Vulnerable versions <= 2.8.9 Fixed in 2.8.10 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-5149 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5566e284be9a Credits István Márton Required privilege...
WordPress Flash & HTML5 Video Plugin < 2.5.27 is vulnerable to SQL Injection
Software Flash & HTML5 Video Type Plugin Vulnerable versions < 2.5.27 Fixed in 2.5.27 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a6949d7fc215 Credits Mayank Deshmukh Required privilege...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.26 is vulnerable to Content Injection
Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions <= 1.6.26 Fixed in 1.6.27 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-2619 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e650ff9528ff Credits wesley wcraft...
WordPress Skyline WP Theme <= 1.0.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software Skyline WP Type Theme Vulnerable versions <= 1.0.10 Fixed in 1.0.11 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-34810 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e68045327895 Credits Dhabaleshwar Das Requir...
WordPress Divi Theme <= 4.25.0 is vulnerable to Cross Site Scripting (XSS)
Software Divi Type Theme Vulnerable versions <= 4.25.0 Fixed in 4.25.1 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-4490 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1cc1a7dd8fd8 Credits Webbernaut Required privilege...
WordPress One Click Demo Import Plugin <= 3.2.0 is vulnerable to PHP Object Injection
Software One Click Demo Import Type Plugin Vulnerable versions <= 3.2.0 Fixed in 3.2.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-34433 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID a0133f0acd1f Credits ngductung Patchstack Alliance Requir...
WordPress Yoast SEO Plugin <= 22.5 is vulnerable to Cross Site Scripting (XSS)
Software Yoast SEO Type Plugin Vulnerable versions <= 22.5 Fixed in 22.6 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-4041 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1ed891028ded Credits Bassem Essam Required...
WordPress CodeBard's Patron Button and Widgets for Patreon plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin CodeBard's Patron Button and Widgets for Patreon versions <= 2.2.0...
WordPress WP Portfolio theme <= 2.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme WP Portfolio versions <= 2.4...
WordPress WZone Plugin <= 14.0.10 is vulnerable to SQL Injection
Software WZone Type Plugin Vulnerable versions <= 14.0.10 Fixed in 14.0.31 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33544 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 102966976300 Credits Rafie Muhammad Patchstack Required privilege...
WordPress Master Slider Plugin <= 3.9.5 is vulnerable to PHP Object Injection
Software Master Slider Type Plugin Vulnerable versions <= 3.9.5 Fixed in 3.9.7 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32600 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID d3cbc5a0e9db Credits Rafie Muhammad Patchstack Required privile...
WordPress X-T9 Theme <= 1.19.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software X-T9 Type Theme Vulnerable versions <= 1.19.0 Fixed in 1.19.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f76c7713c16f Credits Dhabaleshwar Das Required...
WordPress Smart Manager Plugin < 8.28.0 is vulnerable to SQL Injection
Software Smart Manager Type Plugin Vulnerable versions < 8.28.0 Fixed in 8.28.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0566 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID c1d0448fde12 Credits Ivan Spiridonov Required privilege Administrator...
WordPress Elementor Website Builder Plugin <= 3.18.3 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Website Builder Type Plugin Vulnerable versions <= 3.18.3 Fixed in 3.19.0 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-0506 Patch priority Low CVSS severity Low 6.5 Developer Elementor PSID cf3633af9a1c Credits wesley wcraft...
WordPress The Events Calendar Plugin <= 6.2.8.2 is vulnerable to Sensitive Data Exposure
Software The Events Calendar Type Plugin Vulnerable versions <= 6.2.8.2 Fixed in 6.2.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6557 Patch priority Low CVSS severity Low 5.3 Developer Liquid Web / StellarWP PSID 4e6ed43ca389 Credits Nicolas...
WordPress Post SMTP Plugin <= 2.8.7 is vulnerable to Broken Authentication
Software Post SMTP Type Plugin Vulnerable versions <= 2.8.7 Fixed in 2.8.8 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2023-6875 Patch priority High CVSS severity High 9.8 Developer WPExperts PSID abf9b2b72d3f Credits Ulyses Saicha Required privilege Unauthenticat...
WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to Remote Code Execution (RCE)
Software LearnPress Type Plugin Vulnerable versions <= 4.2.5.7 Fixed in 4.2.5.8 OWASP Top 10 A3: Injection Classification Remote Code Execution (RCE) CVE CVE-2023-6634 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID acb9af544a85 Credits hir0ot Required privilege...
WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to SQL Injection
Software LearnPress Type Plugin Vulnerable versions <= 4.2.5.7 Fixed in 4.2.5.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6567 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9380e4991dc4 Credits hir0ot Required privilege Unauthenticated Publish...
WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software GPT3 AI Content Writer Type Plugin Vulnerable versions <= 1.8.12 Fixed in 1.8.13 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2023-51528 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 803ba388c710 Credits Brandon...
WordPress Essential Real Estate Plugin <= 4.3.5 is vulnerable to Arbitrary File Upload
Software Essential Real Estate Type Plugin Vulnerable versions <= 4.3.5 Fixed in 4.4.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6827 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4162eb3df384 Credits István Márton Required privilege...