46606 matches found
WordPress GamiPress plugin <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability
Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability discovered by kr0d in WordPress Plugin GamiPress versions <= 7.6.1...
WordPress Phlox plugin <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability
Software: Phlox; Type: Theme; Vulnerable versions: <= 2.17.7; Fixed in: 2.17.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE ID: CVE-2025-4776; Patchstack priority: Low; CVSS severity: 6.5; Required privilege: Contributor; PSID:...
Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability discovered by Webbernaut in WordPress Theme Phlox versions <= 2.17.7...
WordPress Popupkit plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin PopupKit versions <= 2.2.0...
WordPress URL Image Importer plugin <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by bxdman in WordPress Plugin URL Image Importer versions <= 1.0.7...
WordPress Depicter plugin <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates vulnerability
Missing Authorization to Unauthenticated Display Rule Updates vulnerability discovered by Brizzle in WordPress Plugin Depicter Slider versions <= 4.0.7...
WordPress ilGhera Support System for WooCommerce plugin <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions <= 1.2.6...
WordPress Page Expire Popup/Redirection for WordPress plugin <= 1.0 - Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute vulnerability
Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin Page Expire Popup/Redirection for WordPress versions <= 1.0...
WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.13 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin Form Vibes – Database Manager for Forms versions <= 1.4.13...
WordPress Cookies and Content Security Policy plugin <= 2.34 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin Cookies and Content Security Policy versions <= 2.34...
WordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Post and Page Builder by BoldGrid versions <= 1.27.9...
WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Automotive Listings versions <= 18.6...
WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Fluent Support versions <= 1.10.4...
WordPress Corpkit theme <= 2.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Corpkit versions <= 2.0...
WordPress Corpkit theme <= 2.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Bonds in WordPress Theme Corpkit versions <= 2.0...
WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Spiffy Calendar versions <= 5.0.7...
WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ryan Novotny in WordPress Plugin Link Whisper Free versions <= 0.8.8...
WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Bonds in WordPress Plugin JetEngine versions <= 3.7.7...
WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Restaurant versions < 7.0.9...
WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Icegram versions <= 3.1.35...
WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lobo versions < 2.8.6...
WordPress Depicter Slider plugin <= 4.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Edisc1 in WordPress Plugin Depicter Slider versions <= 4.0.4...
WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Neo Ocular versions < 1.2...
WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Woffice Core versions <= 5.4.30...
WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Woffice versions <= 5.4.30...
WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin GetGenie versions <= 4.3.0...
WordPress Photography theme < 7.7.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Photography versions < 7.7.5...
WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Traveler versions <= 3.2.6...
WordPress Jobify theme <= 4.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jobify versions <= 4.3.0...
WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Demo Importer Plus versions <= 2.0.8...
WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Sugar Calendar (Lite) versions <= 3.9.1...
WordPress Team plugin < 5.0.11 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Team versions < 5.0.11...
WordPress FlexTable Google Sheets Connector plugin < 3.19.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Nguyễn Phước Thiện in WordPress Plugin FlexTable versions < 3.19.2...
WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme DeepDigital versions <= 1.0.2...
WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by daroo in WordPress Plugin Timetics versions <= 1.0.46...
WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Absolute Addons For Elementor versions <= 1.0.14...
WordPress WP MapIt plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP MapIt versions <= 3.0.3...
WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by John P in WordPress Theme Oneline Lite versions <= 6.6...
WordPress My auctions allegro plugin <= 3.6.33 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by theviper17 in WordPress Plugin My auctions allegro versions <= 3.6.33...
WordPress Form to Chat App plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Form to Chat App versions <= 1.2.5...
WordPress Add Polylang support for Customizer plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Add Polylang support for Customizer versions <= 1.4.5...
WordPress CTX Feed plugin <= 6.6.18 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin CTX Feed versions <= 6.6.18...
WordPress Smart Auto Upload Images plugin <= 1.2.2 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by lilmingwa13 in WordPress Plugin Smart Auto Upload Images versions <= 1.2.2...
WordPress Wanderland theme <= 1.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wanderland versions <= 1.5...
WordPress Don Peppe theme <= 1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Don Peppe versions <= 1.3...
WordPress Prowess theme <= 1.8.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Prowess versions <= 1.8.1...
WordPress Apimo Connector plugin <= 2.6.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin Apimo Connector versions <= 2.6.5...
WordPress Verdure theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Verdure versions <= 1.6...
WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sweet Jane versions <= 1.2...
WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PhotoMe versions < 5.7.2...