46606 matches found
WordPress Handmade Framework plugin <= 3.9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Handmade Framework versions = 3.9...
WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.6.2...
WordPress WPAdverts plugin <= 2.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WPAdverts versions = 2.2.11...
WordPress FiboSearch plugin <= 1.32.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin FiboSearch versions = 1.32.1...
WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin X Addons for Elementor versions = 1.0.23...
WordPress Jeg Elementor Kit plugin <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 3.0.1...
WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin GA4WP: Google Analytics for WordPress versions = 2.10.0...
WordPress Typify theme <= 3.0.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Typify versions = 3.0.2...
WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Racquet versions = 1.12.0...
WordPress Mitech theme <= 2.3.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mitech versions = 2.3.4...
WordPress Moody theme <= 2.7.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Moody versions = 2.7.3...
WordPress Atlas theme <= 2.1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Atlas versions = 2.1.0...
WordPress Navian theme <= 1.5.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Navian versions = 1.5.4...
WordPress Brook - Agency Business Creative theme <= 2.9.0 - Local File Inclusion vulnerability
WordPress Brook - Agency Business Creative theme = 2.9.0 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Brook versions = 2.9.0...
WordPress AeroLand theme <= 1.6.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme AeroLand versions = 1.6.6...
WordPress Oshine theme <= 7.2.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Oshine versions = 7.2.7...
WordPress Real Estate Pro plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Real Estate Pro versions = 2.1.4...
WordPress Stackable plugin <= 3.19.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Stackable versions = 3.19.5...
WordPress ListingHub plugin 1.2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ListingHub versions 1.2.6...
WordPress REHub Framework plugin <= 19.9.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin REHub Framework versions = 19.9.5...
WordPress OchaHouse theme <= 2.2.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme OchaHouse versions = 2.2.8...
WordPress Rozy - Flower Shop theme <= 1.2.25 - Local File Inclusion vulnerability
WordPress Rozy - Flower Shop theme = 1.2.25 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rozy - Flower Shop versions = 1.2.25...
WordPress Awesome Hotel Booking plugin <= 1.0 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification vulnerability
Incorrect Authorization to Unauthenticated Arbitrary Booking Modification vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Awesome Hotel Booking versions = 1.0...
WordPress Testimonial Master plugin <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Testimonial Master versions = 0.2.1...
WordPress CoBlocks plugin <= 3.1.16 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin CoBlocks versions = 3.1.16...
WordPress Starred Review plugin <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable vulnerability
Reflected Cross-Site Scripting via PHPSELF Variable vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Starred Review versions = 1.4.2...
WordPress Post Like Dislike plugin <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Post Like Dislike versions = 1.0...
WordPress Stumble! for WordPress plugin <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Stumble! for WordPress versions = 1.1.1...
WordPress WP Widget Changer plugin <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP Widget Changer versions = 1.2.5...
WordPress AA Block country plugin <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability
Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability discovered by Ivan Cese in WordPress Plugin AA Block country versions = 1.0.1...
WordPress Piraeus Bank WooCommerce Payment Gateway plugin <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability
Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Piraeus Bank WooCommerce Payment Gateway versions = 3.1.4...
WordPress Stylish Order Form Builder plugin <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via 'productname' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Stylish Order Form Builder versions = 1.0...
WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Ninja Tables versions = 5.2.4...
WordPress Accordion plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NumeX in WordPress Plugin Accordion versions = 3.0.3...
WordPress Unify plugin <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability
Missing Authorization to Unauthenticated Option Deletion via 'unifyplugindowngrade' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Unify versions = 3.4.9...
WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nabil Irawan in WordPress Plugin Media Search Enhanced versions = 0.9.1...
WordPress WP Enable WebP plugin <= 1.0 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated Author+ Arbitrary File Upload vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin WP Enable WebP versions = 1.0...
WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Docket Cache versions = 24.07.04...
WordPress SVG Map Plugin plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin SVG Map Plugin versions = 1.0.0...
WordPress Premmerce WooCommerce Customers Manager plugin <= 1.1.14 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Premmerce WooCommerce Customers Manager versions = 1.1.14...
WordPress WP Photo Album Plus plugin <= 9.1.05.008 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions = 9.1.05.008...
WordPress HBLPAY Payment Gateway for WooCommerce plugin <= 5.0.0 - Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability
Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin HBLPAY Payment Gateway for WooCommerce versions = 5.0.0...
WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability
WordPress Bit Form - Contact Form Plugin plugin = 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability discovered by andrea bocchetti in WordPress Plugin Bit Form versions = 2.21.6...
WordPress Flashcard Plugin for WordPress plugin <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal vulnerability
Authenticated Contributor+ Arbitrary File Read via Path Traversal vulnerability discovered by Bhumividh Treloges in WordPress Plugin Flashcard versions = 0.9...
WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin RSS Feed Widget versions = 3.0.2...
WordPress Customer Reviews for WooCommerce plugin <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via displayName Parameter vulnerability discovered by shark3y in WordPress Plugin Customer Reviews for WooCommerce versions = 5.93.1...
WordPress EmailKit plugin <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal vulnerability
Authenticated Author+ Arbitrary File Read via Path Traversal vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin EmailKit versions = 1.6.1...
WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Bulk Landing Page Creator for WordPress LPagery versions = 2.4.9...
WordPress User Activity Log plugin <= 2.2 - Unauthenticated Limited Options Update via Failed Login vulnerability
Unauthenticated Limited Options Update via Failed Login vulnerability discovered by shark3y in WordPress Plugin User Activity Log versions = 2.2...
WordPress ShopMagic plugin <= 4.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Arif Shaikh in WordPress Plugin ShopMagic versions = 4.7.2...