46606 matches found
WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification vulnerability
WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Coupon Modification vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...
WordPress WP Table Builder plugin <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation vulnerability
Incorrect Authorization to Authenticated Subscriber+ Arbitrary Table Creation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Table Builder versions = 2.0.19...
WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass vulnerability
WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Course Enrollment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...
WordPress WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'wpgsvmap' Shortcode vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin WP Google Street View versions = 1.1.8...
WordPress BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress BIALTY - Bulk Image Alt Text Alt tag, Alt Attribute with Yoast SEO + WooCommerce plugin = 2.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Bulk Auto Image Alt Text Alt tag, Alt attribute optimization image...
WordPress BetterDocs plugin <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BetterDocs versions = 4.3.3...
WordPress IndieWeb plugin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability discovered by Tharadol Suksamran in WordPress Plugin IndieWeb versions = 4.0.5...
WordPress Forminator Forms plugin <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export vulnerability
Missing Authorization to Authenticated Forminator User+ CSV Export vulnerability discovered by type5afe in WordPress Plugin Forminator versions = 1.49.1...
WordPress Post Expirator plugin <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation vulnerability
Missing Authorization to Authenticated Contributor+ Workflow Manipulation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions = 4.9.3...
WordPress weDocs plugin <= 2.1.15 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by DityaRA in WordPress Plugin weDocs versions = 2.1.15...
WordPress Clearfy plugin <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering vulnerability
Cross-Site Request Forgery to Update Notification Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Clearfy Cache versions = 2.4.0...
WordPress Japanized for WooCommerce plugin <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Japanized For WooCommerce versions = 2.7.17...
WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin tagDiv Composer versions = 5.4.2...
WordPress BA Book Everything plugin <= 1.8.16 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin BA Book Everything versions = 1.8.16...
WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin User Registration versions = 4.4.9...
WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortocde Execution vulnerability
Arbitrary Shortocde Execution vulnerability discovered by Kishan Vyas in WordPress Plugin GiveWP versions = 4.13.1...
WordPress Zorka theme <= 1.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Zorka versions = 1.5.7...
WordPress WP Quick Post Duplicator plugin <= 2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Quick Post Duplicator versions = 2.1...
WordPress NextGEN Download Gallery plugin <= 1.6.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin NextGEN Download Gallery versions = 1.6.2...
WordPress Kenta Companion plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Kenta Companion versions = 1.3.3...
WordPress Campaign Monitor for WordPress plugin <= 2.9.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Campaign Monitor for WordPress versions = 2.9.0...
WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Lead Capturing Pages versions = 2.5...
WordPress Super Interactive Maps plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Super Interactive Maps versions = 2.3...
WordPress Magic Responsive Slider and Carousel WordPress plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Magic Responsive Slider and Carousel WordPress versions = 1.6...
WordPress Magic Slider plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Magic Slider versions = 2.2...
WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Image&Video FullScreen Background versions = 1.6.7...
WordPress Anarkali theme <= 1.0.9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Anarkali versions = 1.0.9...
WordPress Depot theme <= 1.16 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Depot versions = 1.16...
WordPress Amuli theme <= 2.3.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Amuli versions = 2.3.0...
WordPress Athens theme <= 1.1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Athens versions = 1.1.6...
WordPress HTML5 Video Player with Playlist & Multiple Skins plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin HTML5 Video Player with Playlist & Multiple Skins versions = 5.3.5...
WordPress HTML5 Video Player plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin HTML5 Video Player versions = 5.3.5...
WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability
CSS Injection vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Easy Media Download versions = 1.1.11...
WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin = 1.4 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Famous - Responsive Image And Video Grid Gallery WordPress Plugin versions = 1.4...
WordPress CountDown With Image or Video Background plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin CountDown With Image or Video Background versions = 1.5...
WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions = 1.1.3...
WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability
Account Takeover vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions = 1.1.3...
WordPress VideoPro theme <= 2.3.8.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme VideoPro versions = 2.3.8.1...
WordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin Workreap theme's plugin versions = 3.3.6...
WordPress nK Themes Helper plugin <= 1.7.9 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin nK Themes Helper versions = 1.7.9...
WordPress WP Virtual Assistant plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Virtual Assistant versions = 3.1...
WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Arbitrary Content Deletion vulnerability
WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin = 1.25 - Arbitrary Content Deletion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Attractive Donations System - Easy Stripe & Paypal donations versions = 1.25...
WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WooCommerce Orders & Customers Exporter versions = 5.4...
WordPress Blockons plugin <= 1.2.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Blockons versions = 1.2.15...
WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin Ultimate Gift Cards For WooCommerce versions = 3.2.4...
WordPress Tutor LMS plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure via tutororderdetails vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...
WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Quiz And Survey Master versions = 10.3.3...
WordPress Gutenverse Form plugin <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Gutenverse Form versions = 2.3.2...
WordPress Folders plugin <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement vulnerability
Missing Authorization to Authenticated Author+ Media Replacement vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Folders versions = 3.1.5...
WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Block Slider versions = 2.2.3...