46571 matches found
WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by HieuPenguinnn in WordPress Plugin SupportCandy versions = 3.4.6...
NPM: n8n: Wrong OAuth Scope on Evaluation Test Runs Endpoints
NPM: n8n: Wrong OAuth Scope on Evaluation Test Runs Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...
WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Expatch in WordPress Plugin wpDataTables versions = 7.4...
WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by HaiND in WordPress Plugin Ads by WPQuads versions = 3.0.3...
WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Widget Options versions = 4.2.3...
WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...
WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by she11f in WordPress Plugin Visual Link Preview versions = 2.3.1...
WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin JetBooking versions = 4.0.4.1...
WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Evan NR in WordPress Plugin Listdom versions = 5.4.0...
WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin Slimstat Analytics versions = 5.4.11...
WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin MStore API versions = 4.18.4...
WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Advanced Ads versions = 2.0.21...
WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin SureDash versions = 1.8.0...
WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin Cargo Shipping Location for WooCommerce versions = 5.6...
WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by endy in WordPress Plugin Motors versions = 1.4.109...
WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin Motors versions = 1.4.109...
WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Travel Gutenberg Blocks versions = 3.9.4...
WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Ali Osman ERBAS 0110m4n in WordPress Plugin GIFT4U versions = 1.0.10...
WordPress Nexi XPay plugin <= 8.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by hivesec in WordPress Plugin Nexi XPay versions = 8.3.1...
WordPress FireBox Popups – Increase Sales and Grow Your Email List plugin <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability
Unauthenticated Sensitive Information Exposure in 'formid' Parameter vulnerability discovered by Duc Manh in WordPress Plugin FireBox versions = 3.1.7...
WordPress Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin <= 4.2.6 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Alexandru Bucur in WordPress Plugin Optimole versions = 4.2.6...
NPM: Cross-site scripting via <NoScript> slot content in Nuxt's head components
NPM: Cross-site scripting via slot content in Nuxt's head components vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...
NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
NPM: n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
NPM: n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
NPM: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
NPM: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
NPM: n8n: Credential Exfiltration via Permission Bypass
NPM: n8n: Credential Exfiltration via Permission Bypass vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
NPM: n8n: Denial of Service via ZIP decompression in webhook workflow
NPM: n8n: Denial of Service via ZIP decompression in webhook workflow vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...
NPM: n8n: Public API Execution Retry Authorization Bypass
NPM: n8n: Public API Execution Retry Authorization Bypass vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
NPM: n8n: Python Code Node AST Validator Bypass
NPM: n8n: Python Code Node AST Validator Bypass vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
NPM: n8n: Stored XSS in Chat Trigger Node
NPM: n8n: Stored XSS in Chat Trigger Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints
NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...
NPM: n8n: Microsoft SQL Node Prototype Pollution
NPM: n8n: Microsoft SQL Node Prototype Pollution vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...
NPM: n8n: Merge Node SQL Mode Prototype Pollution
NPM: n8n: Merge Node SQL Mode Prototype Pollution vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
NPM: n8n: Prototype Pollution enables confused-deputy execution via public webhooks
NPM: n8n: Prototype Pollution enables confused-deputy execution via public webhooks vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
NPM: n8n: Same-Origin XSS in Respond to Webhook Node
NPM: n8n: Same-Origin XSS in Respond to Webhook Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
NPM: n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes
NPM: n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
NPM: n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint
NPM: n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...
NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes
NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
WordPress Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin myCred versions = 3.1...
WordPress Permalink Manager Lite plugin <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ahmad Marzouk in WordPress Plugin Permalink Manager Lite versions = 2.5.3.3...
NPM: n8n: Git Node Clone and Push Operations Bypass File Sandbox
NPM: n8n: Git Node Clone and Push Operations Bypass File Sandbox vulnerability discovered by ? in WordPress Npm n8n versions 1.123.48...
NPM: n8n: Python sandbox escape
NPM: n8n: Python sandbox escape vulnerability discovered by ? in WordPress Npm n8n versions 1.123.48...
NPM: Astro: XSS via Unescaped Attribute Names in Spread Props
NPM: Astro: XSS via Unescaped Attribute Names in Spread Props vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...
WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WP eMember versions v10.9.4...
NPM: Astro: Host header SSRF in prerendered error page fetch
NPM: Astro: Host header SSRF in prerendered error page fetch vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by ParkHyunWoo in WordPress Plugin Registration Form for WooCommerce versions = 1.0.9...
NPM: hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`
NPM: hono: Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...
NPM: hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest
NPM: hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...