46606 matches found
WordPress Rankology SEO and Analytics Tool plugin <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation vulnerability
Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation vulnerability discovered by SangNQ29 in WordPress Plugin Rankology SEO and Analytics Tool versions <= 2.0...
WordPress aBlocks - WordPress Gutenberg Blocks plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability
WordPress aBlocks - WordPress Gutenberg Blocks plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability discovered by mahdi salhi CaptinSharky01 - CaptinSharku in WordPress Plugin aBlocks versions <= 2.4.0...
WordPress Key Figures plugin <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Key Figures versions <= 1.1...
WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion vulnerability
WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion vulnerability discovered by Deniz Mert dennywise in WordPress Plugin LearnPress versions <= 4.3.2.1...
WordPress Quote Comments plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Quote Comments versions <= 3.0.0...
WordPress Newsletter Email Subscribe plugin <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Newsletter Email Subscribe versions <= 2.4...
WordPress Simple User Meta Editor plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via User Meta Value Field vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via User Meta Value Field vulnerability discovered by Bhumividh Treloges in WordPress Plugin Simple User Meta Editor versions <= 1.0.0...
WordPress twinklesmtp - Email Service Provider For WordPress plugin <= 1.03 - Authenticated (Administrator+) Stored Cross-Site Scripting via Sender Settings vulnerability
WordPress twinklesmtp - Email Service Provider For WordPress plugin <= 1.03 - Authenticated (Administrator+) Stored Cross-Site Scripting via Sender Settings vulnerability discovered by Bhumividh Treloges in WordPress Plugin twinklesmtp versions <= 1.03...
WordPress HelpDesk contact form plugin plugin <= 1.1.5 - Cross-Site Request Forgery to Settings Update via handle_query_args vulnerability
Cross-Site Request Forgery to Settings Update via handle_query_args vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin HelpDesk contact form versions <= 1.1.5...
WordPress NS IE Compatibility Fixer plugin <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin NS Ie Compatibility Fixer versions <= 2.1.5...
WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability
WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin AMP for WP versions <= 1.1.9...
WordPress WP-Members Membership Plugin plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files vulnerability
Unauthenticated Information Exposure via Unprotected Files vulnerability discovered by thinnawarth mathuros in WordPress Plugin WP-Members versions <= 3.5.4.4...
WordPress teachPress plugin <= 9.0.12 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin teachPress versions <= 9.0.12...
WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin IMGspider versions <= 2.3.12...
WordPress BD Courier Order Ratio Checker plugin <= 2.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin BD Courier Order Ratio Checker versions <= 2.0.1...
WordPress myCred plugin <= 2.9.7.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin myCred versions <= 2.9.7.3...
WordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin The Events Calendar Countdown Addon versions <= 1.4.15...
WordPress Essential Addons for Elementor plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Bonds in WordPress Plugin Essential Addons for Elementor versions <= 6.5.3...
WordPress Hendon theme < 1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hendon versions < 1.7...
WordPress Taskbuilder plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin Taskbuilder versions <= 4.0.9...
WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Listeo Core versions < 2.0.19...
WordPress Curly theme < 3.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Curly versions < 3.3...
WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Optimize versions < 2.4...
WordPress Wellspring theme < 2.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wellspring versions < 2.8...
WordPress BulletProof Security plugin <= 6.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin BulletProof Security versions <= 6.9...
WordPress eHive Search plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin eHive Search versions <= 2.5.0...
WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Better Business Reviews versions <= 0.1.1...
WordPress Quiz and Survey Master (QSM) plugin <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads vulnerability
Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads vulnerability discovered by Rahul Sreenivasan Tr0j4n - Mobikwik in WordPress Plugin Quiz And Survey Master versions <= 10.3.1...
WordPress Xagio SEO plugin <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by Jack Taylor in WordPress Plugin Xagio SEO versions <= 7.1.0.30...
WordPress Ultimate Reviews plugin <= 3.2.16 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Doan Dinh Van in WordPress Plugin Ultimate Reviews versions <= 3.2.16...
WordPress Timetics plugin <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability
Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability discovered by greenhats - Student in WordPress Plugin Timetics versions <= 1.0.36...
WordPress Simply Schedule Appointments plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Simply Schedule Appointments versions <= 1.6.9.5...
WordPress CBX Bookmark & Favorite plugin <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability
Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin CBX Bookmark & Favorite versions <= 2.0.4...
WordPress ForumWP – Forum & Discussion Board plugin <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability discovered by Sergej Ljubojevic in WordPress Plugin ForumWP versions <= 2.1.6...
WordPress FS Registration Password plugin <= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin FS Registration Password versions <= 1.0.1...
WordPress BuddyPress Xprofile Custom Field Types plugin <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin BuddyPress Xprofile Custom Field Types versions <= 1.2.8...
WordPress EduBlink Core plugin <= 2.0.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EduBlink Core versions <= 2.0.7...
WordPress FastDup plugin <= 2.7 - Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter vulnerability
Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin FastDup versions <= 2.7...
WordPress AS Password Field In Default Registration Form plugin <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin AS Password Field In Default Registration Form versions <= 2.0.0...
WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress Download Manager plugin <= 3.3.40 - Unauthenticated Limited Privilege Escalation via updatePassword vulnerability
Unauthenticated Limited Privilege Escalation via updatePassword vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Download Manager versions <= 3.3.40...
WordPress EduBlink theme <= 2.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme EduBlink versions <= 2.0.7...
WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin AffiliateX versions <= 1.3.9.3...
WordPress Easy Form Builder plugin <= 3.9.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Easy Form Builder versions <= 3.9.6...
WordPress FireStorm Professional Real Estate plugin <= 2.7.11 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Mrreee in WordPress Plugin FireStorm Professional Real Estate versions <= 2.7.11...
WordPress Quiz And Survey Master plugin <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Quiz And Survey Master versions <= 10.3.1...
WordPress LearnPress – WordPress LMS Plugin plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification vulnerability
Missing Authentication to Unauthenticated Course Modification vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin LearnPress versions <= 4.3.2...
WordPress MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion vulnerability
for Online Courses and Education plugin <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion vulnerability discovered by thinnawarth mathuros in WordPress Plugin MasterStudy LMS versions <= 3.7.6...
WordPress TaxoPress plugin <= 3.41.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin TaxoPress versions <= 3.41.0...
WordPress Table Field Add-on for ACF and SCF plugin <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content vulnerability discovered by shark3y in WordPress Plugin Table Field Add-on for ACF and SCF versions <= 1.3.30...