46606 matches found
WordPress Latest Registered Users plugin <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability discovered by Legion Hunter in WordPress Plugin Latest Registered Users versions = 1.4...
WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Nabil Irawan in WordPress Plugin Image Slider Slideshow versions = 1.8...
WordPress Money Space plugin <= 2.13.9 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Kannika Khongpan in WordPress Plugin Money Space versions = 2.13.9...
WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Dashboard Welcome for Beaver Builder versions = 1.0.8...
WordPress iPaymu Payment Gateway for WooCommerce plugin <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure vulnerability
Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure vulnerability discovered by Teerachai Somprasong in WordPress Plugin iPaymu Payment Gateway for WooCommerce versions = 2.0.2...
WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Speed Kit versions = 2.0.2...
WordPress Yoco Payments plugin <= 3.8.8 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by NumeX in WordPress Plugin Yoco Payments versions = 3.8.8...
WordPress Drag and Drop Multiple File Upload - Contact Form 7 plugin <= 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload vulnerability
WordPress Drag and Drop Multiple File Upload - Contact Form 7 plugin = 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.2...
WordPress Optional Email plugin <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover vulnerability
Unauthenticated Privilege Escalation to Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Optional Email versions = 1.3.11...
WordPress Re Gallery plugin <= 1.18.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Re Gallery versions = 1.18.2...
WordPress Travel Bucket List plugin <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by ChamlaVic in WordPress Plugin Wish To Go versions = 0.5.2...
WordPress AH Shortcodes plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'column' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'column' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin AH Shortcodes versions = 1.0.2...
WordPress Simcast plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Simcast versions = 1.0.0...
WordPress Fluent Forms plugin <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Form Creation via AI Builder vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin FluentForm versions = 6.1.7...
WordPress Snillrik Restaurant plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'menustyle' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Snillrik Restaurant versions = 2.2.1...
WordPress Cool YT Player plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Cool YT Player versions = 1.0...
WordPress Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Email Template Content vulnerability discovered by fallenofalbaz in WordPress Plugin Email Customizer for WooCommerce versions = 2.6.7...
WordPress My Album Gallery plugin <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Image Title vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin My Album Gallery versions = 1.0.4...
WordPress AD Sliding FAQ plugin <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AD Sliding FAQ versions = 2.4...
WordPress My Album Gallery plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style_css' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'stylecss' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin My Album Gallery versions = 1.0.4...
WordPress Responsive Pricing Table plugin <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'tablecurrency' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Responsive Pricing Table versions = 5.1.12...
WordPress Responsive Pricing Table plugin <= 5.1.12 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Responsive Pricing Table versions = 5.1.12...
WordPress Niche Hero | Beautifully-designed blocks in seconds plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'spacing' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Niche Hero versions = 1.0.5...
WordPress QR Code for WooCommerce order emails, PDF invoices, packing slips plugin <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Cross-Site Scripting via Shortcode Attributes vulnerability discovered by WordFence in WordPress Plugin QR Code Tag for WC versions = 1.9.42...
WordPress Viitor Button Shortcodes plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'link' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Viitor Button Shortcodes versions = 3.0.0...
WordPress Multi-column Tag Map plugin <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'mctmcssconditional' Parameter vulnerability discovered by Bhayanak Atma in WordPress Plugin Multi-column Tag Map versions = 17.0.39...
WordPress Easy GitHub Gist Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Easy GitHub Gist Shortcodes versions = 1.0...
WordPress STM Gallery 1.9 plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin STM Gallery 1.9 versions = 0.9...
WordPress Reviewify plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary WooCommerce Coupon Creation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Reviewify versions = 1.0.6...
WordPress EDD Download Info plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin EDD Download Info versions = 1.1...
WordPress Sticky Action Buttons plugin <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Sticky Action Buttons versions = 1.1...
WordPress AI BotKit plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin AI BotKit versions = 1.1.7...
WordPress Smart App Banners plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Smart App Banners versions = 1.2...
WordPress Contact Us Simple Form plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Bhumividh Treloges in WordPress Plugin Contact Us Simple Form versions = 1.0...
WordPress Mamurjor Employee Info plugin <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation vulnerability
Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Mamurjor Employee Info versions = 1.0.0...
WordPress Mstoic Shortcodes plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'start' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Mstoic Shortcodes versions = 2.0...
WordPress 1180px Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin 1180px Shortcodes versions = 1.1.1...
WordPress WP Js List Pages Shortcodes plugin <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin WP Js List Pages Shortcodes versions = 1.21...
WordPress WP Recipe Manager plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'Skill Level' Input Field vulnerability discovered by ChamlaVic in WordPress Plugin WP Recipe Manager versions = 1.0.0...
WordPress PhotoFade plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin PhotoFade versions = 0.2.1...
WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability
WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin = 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin WP Front User Submit / Front Editor versio...
WordPress Latest Tabs plugin <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update vulnerability
Cross-Site Request Forgery to Plugin's Settings Update vulnerability discovered by omer yeshayahu in WordPress Plugin Latest Tabs versions = 1.5...
WordPress ACF to REST API plugin <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ ACF Field/Option Modification vulnerability discovered by Kai Aizen in WordPress Plugin ACF to REST API versions = 3.3.4...
WordPress ShareThis Dashboard for Google Analytics plugin <= 3.2.4 - Unauthenticated Google Analytics Data Exposure vulnerability
Unauthenticated Google Analytics Data Exposure vulnerability discovered by ifoundbug in WordPress Plugin ShareThis Dashboard for Google Analytics versions = 3.2.4...
WordPress Page Keys plugin <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'pagekey' Parameter vulnerability discovered by Bhumividh Treloges in WordPress Plugin Page Keys versions = 1.3.3...
WordPress WP Status Notifier plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Status Notifier versions = 1.0...
WordPress Recras WordPress plugin plugin <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Recras versions = 6.4.1...
WordPress xShare plugin <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter vulnerability
Cross-Site Request Forgery to 'rspluginreset' Parameter vulnerability discovered by dayea song - Ahnlab in WordPress Plugin xShare versions = 1.0.1...
WordPress Moosend Landing Pages plugin <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Option Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Moosend Landing Pages versions = 1.1.6...
WordPress MTCaptcha WordPress Plugin plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin MTCaptcha versions = 2.7.2...