46684 matches found
WordPress fMoblog Plugin 2.1 - SQL Injection Vulnerability
SQL injection vulnerability found in fmoblog.php. An attacker can execute arbitrary SQL commands via the id parameter to index.php. Solution Upgrade plugin...
WordPress Page Flip Image Gallery Plugin <= 0.2.2 - Directory Traversal
Because of this vulnerability, the attackers can read arbitrary files via "bookid" parameter. Solution Update the plugin...
WordPress WP Comment Remix Plugin <= 1.4.3 - XSS
Because of this vulnerability in wpcommentremix.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress <= 2.5 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution Update WordPress...
WordPress DMSGuestbook Plugin <= 1.8.0 - Directory Traversal
Because of this vulnerability in wp-admin/admin.php, the authenticated users can read arbitrary files. Solution Update the plugin...
WordPress DMSGuestbook Plugin <= 1.7.0 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress WassUp Plugin <= 1.4.3 - Multiple SQL Injection
Because of these vulnerabilities in main.php, the attackers can execute arbitrary SQL commands. Solution Update the plugin...
WordPress fGallery Plugin <= 2.4.1 - SQL Injection
Because of this vulnerability in fimrss.php, the attackers can execute arbitrary SQL commands via the "album" parameter. Solution Update the plugin...
WordPress FileManager Plugin <= 1.2 - Arbitrary File Upload
Because of this vulnerability in ajaxfilemanager.php, the attackers can upload and execute arbitrary PHP code via unspecified vectors. Solution Update the plugin...
WordPress <= 2.0.11 - Multiple Vulnerabilities
Because of these vulnerabilities, the attackers can obtain sensitive information via an empty value of the "page" parameter to certain PHP scripts under wp-admin/. Solution Update WordPress...
WordPress <= 2.0.3 - Directory Traversal
Because of this vulnerability in wp-db-backup.php, the attackers can read arbitrary files, delete arbitrary files, and cause a denial of service in the "backup" parameter. Solution Update WordPress...
WordPress <= 2.0.9 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
WordPress BackUpWordPress Plugin <= 0.4.2 - Remote File Inclusion
Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "bkpwppluginpath" parameter. Solution Update the plugin...
WordPress MU <= 1.0 - XSS
Because of this vulnerability in wp-newblog.php, the attackers can inject arbitrary web script or HTML via the "weblogid" parameter. Solution Update WordPress...
WordPress Default Theme <= 2.2 - XSS
Because of this vulnerability, the authenticated administrators can inject arbitrary web script or HTML. Solution Update the theme...
WordPress AndyBlue Theme - XSS
Because of this vulnerability in searchform.php, the attackers can inject arbitrary web script or HTML. Solution Update the theme...
WordPress myGallery Plugin <= 1.4 - Remote File Inclusion
Because of this vulnerability in myfunctions/mygallerybrowser.php, the attackers can execute arbitrary PHP code via a URL in the "myPath" parameter. Solution Update the WordPress myGallery plugin to the latest available version, at least 1.5...
WordPress <= 2.1.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "file" parameter. Solution Update WordPress to the latest available version, at least 2.1.1...
WordPress Enigma2 Plugin - Remote File Inclusion
Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "boarddir" parameter. Solution Update the plugin...
WordPress <= 1.5.1.2 - Multiple Vulnerabilities #1
Because of these vulnerabilities in wp-login.php, the attackers can change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. Solution Update WordPress to the latest available version, at least 1.5.1.3...
NPM: DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`
NPM: DOMPurify: Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULT_ALLOWED_TAGS / DEFAULT_ALLOWED_ATTR vulnerability discovered by ? in WordPress Npm dompurify versions 3.4.7...
WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.4.9 - Unauthenticated Payment Bypass vulnerability
Unauthenticated Payment Bypass vulnerability discovered by Stranger825 in WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on versions = 2.4.9...
NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
WordPress Slek Gateway for WooCommerce plugin <= 1.0 - Unauthenticated Insufficiently Protected Credentials vulnerability
Unauthenticated Insufficiently Protected Credentials vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Slek Gateway for WooCommerce versions = 1.0...
NPM: Next.js has a Denial of Service in the Image Optimization API
NPM: Next.js has a Denial of Service in the Image Optimization API vulnerability discovered by ? in WordPress Npm next versions = 10.0.0, 15.5.16...
WordPress WPPizza plugin <= 3.19.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Muhan Luo in WordPress Plugin WPPizza versions = 3.19.9...
WordPress WP JobHunt plugin <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference vulnerability
Authenticated Candidate+ Insecure Direct Object Reference vulnerability discovered by meghnine islem - CYBEARS in WordPress Plugin WP JobHunt versions = 7.7...
WordPress Elated Membership plugin <= 1.2 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Elated Membership versions = 1.2...
WordPress All-in-One Video Gallery plugin <= 4.5.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions = 4.5.7...
WordPress Flex QR Code Generator plugin <= 1.2.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Flex QR Code Generator versions = 1.2.7...
WordPress MasterStudy LMS Pro plugin <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Thái An in WordPress Plugin MasterStudy LMS Pro versions = 4.7.9...
WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Site Chat on Telegram versions = 1.0.4...
WordPress All in One SEO Pack plugin <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability discovered by Ivan Kuzymchak in WordPress Plugin All In One SEO Pack versions = 4.8.1.1...
WordPress Greenshift plugin 11.4-11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin Greenshift versions 11.4-11.4.5...
WordPress Travelfic Toolkit plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Travelfic Toolkit versions = 1.2.1...
WordPress Contest Gallery Plugin <= 24.0.7 is vulnerable to Privilege Escalation
Software Contest Gallery Type Plugin Vulnerable versions = 24.0.7 Fixed in 24.0.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11103 Patch priority High CVSS severity High 9.8 Developer Wasiliy Strecker PSID 917060960355 Credits...
WordPress Blizzard Quotes Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Blizzard Quotes Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed471ac7b5ce Credits SOPROBRO Required...
WordPress F4 Improvements Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
Software F4 Improvements Type Plugin Vulnerable versions = 1.9.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9442 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 375a420bcdeb Credits Francesco Carlucci Require...
WordPress Pathomation Plugin <= 2.5.1 is vulnerable to Arbitrary File Upload
Software Pathomation Type Plugin Vulnerable versions = 2.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52490 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 9e87ceb4d934 Credits ghsinfosec Required privilege Unauthenticated...
WordPress Sirv plugin <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Option Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Sirv versions = 7.3.0...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9653 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...
WordPress HUSKY Plugin <= 1.3.6.3 is vulnerable to Cross Site Scripting (XSS)
Software HUSKY Type Plugin Vulnerable versions = 1.3.6.3 Fixed in 1.3.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11400 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID db9ff0ff3180 Credits Daniel Scheidt Required...
WordPress Xpresslane Fast Checkout Plugin <= 1.0.0 is vulnerable to PHP Object Injection
Software Xpresslane Fast Checkout Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52440 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 2eaf53da7194 Credits LVT-tholv2k Required privilege...
WordPress Opal Woo Custom Product Variation Plugin <= 1.1.3 is vulnerable to Arbitrary File Deletion
Software Opal Woo Custom Product Variation Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Deletion CVE CVE-2024-52444 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID aa758dfd0ef1 Credits...
WordPress Lis Video Gallery Plugin <= 0.2.1 is vulnerable to PHP Object Injection
Software Lis Video Gallery Type Plugin Vulnerable versions = 0.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52430 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a078bb126c5a Credits LVT-tholv2k Required privilege...
WordPress LearnPress Export Import Plugin <= 4.0.4 is vulnerable to Cross Site Scripting (XSS)
Software LearnPress Export Import Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9609 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 496adf4dad4b Credits vgo0...
WordPress Push Notifications for WordPress by PushAssist Plugin <= 3.0.8 is vulnerable to Arbitrary File Upload
Software Push Notifications for WordPress by PushAssist Type Plugin Vulnerable versions = 3.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52408 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 1a2483f66c15 Credits...
WordPress CF7 Reply Manager Plugin <= 1.2.3 is vulnerable to Arbitrary File Upload
Software CF7 Reply Manager Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52404 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID ea9af17f6366 Credits stealthcopter Required privilege...
WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)
Software WP Project Manager Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.14 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-10174 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 6aaed61c0d51 Credits stealthcopt...
WordPress Devexhub Gallery Plugin <= 2.0.1 is vulnerable to Arbitrary File Upload
Software Devexhub Gallery Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52373 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 41326b5950fa Credits stealthcopter Required privilege...