WordPress ElementsKit Elementor Addons and Templates plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability discovered by Hardik Raval in WordPress Plugin ElementsKit Elementor addons Lite versions <= 3.5.2...
WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions <= 2.0.0...
WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Simplebooklet PDF Viewer and Embedder versions <= 1.1.2...
WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions < 4.15.7...
WordPress GoZen Forms plugin <= 1.1.5 - Unauthenticated SQL Injection via emdedSc() vulnerability
Unauthenticated SQL Injection via emdedSc() vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin GoZen Forms versions <= 1.1.5...
WordPress MediaView plugin <= 1.1.2 - Reflected Cross-Site Scripting via id Parameter vulnerability
Reflected Cross-Site Scripting via id Parameter vulnerability discovered by johska in WordPress Plugin MediaView versions <= 1.1.2...
WordPress WP01 - Speed, Security, SEO consultant plugin <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download vulnerability
WordPress WP01 - Speed, Security, SEO consultant plugin <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download vulnerability discovered by theviper17y in WordPress Plugin WP01 versions <= 2.6.2...
WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ultimate Dashboard versions < 3.8.6...
WordPress Uptodown APK Download Widget plugin <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Uptodown APK Download Widget versions <= 0.1.10...
WordPress Contact Form 7 Redirect & Thank You Page plugin <= 1.0.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Contact Form 7 Redirect & Thank You Page versions <= 1.0.7...
WordPress Quantic Social Image Hover plugin <= 1.0.8 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Quantic Social Image Hover versions <= 1.0.8...
WordPress GamiPress plugin <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function vulnerability
Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function vulnerability discovered by abrahack in WordPress Plugin GamiPress versions <= 7.2.1...
WordPress Estatik Mortgage Calculator plugin <= 2.0.11 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Mortgage Calculator Estatik versions <= 2.0.11...
WordPress Simple AL Slider plugin <= 1.2.10 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Simple AL Slider versions <= 1.2.10...
WordPress Pósturinn's Shipping with WooCommerce plugin <= 1.3.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Pósturinn's Shipping with WooCommerce versions <= 1.3.1...
WordPress Infility Global plugin <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter vulnerability
Reflected Cross-Site Scripting via set_type Parameter vulnerability discovered by vgo0 in WordPress Plugin Infility Global versions <= 2.9.8...
WordPress Youzify plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) vulnerability discovered by Stiofan - AyeCode Ltd in WordPress Plugin Youzify versions <= 1.3.3...
WordPress Stratum plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Stratum versions <= 1.6.0...
WordPress Visual Website Collaboration, Feedback & Project Management - Atarim plugin <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion vulnerability
WordPress Visual Website Collaboration, Feedback & Project Management - Atarim plugin <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion vulnerability discovered by WordFence in WordPress Plugin Atarim versions <= 4.0.9...
WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Unauthenticated Fake Payment Creation vulnerability
Unauthenticated Fake Payment Creation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Subscriptions & Memberships for PayPal versions <= 1.1.7...
WordPress Bold Timeline Lite plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode vulnerability discovered by zaim in WordPress Plugin Bold Timeline Lite versions <= 1.2.7...
WordPress Easy 3D Viewer plugin <= 1.8.6.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Easy 3D Viewer versions <= 1.8.6.6...
WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability
WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.5.10-2.2.7...
WordPress Demo Importer Plus plugin <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability
Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Demo Importer Plus versions <= 2.0.6...
WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Anber Elementor Addon versions <= 1.0.1...
WordPress WP BASE Booking of Appointments, Services and Events plugin < 5.0.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP BASE Booking versions < 5.0.0...
WordPress Product Table for WooCommerce plugin <= 5.0.8 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Product Table for WooCommerce versions <= 5.0.8...
WordPress WoWPth plugin <= 2.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WoWPth versions <= 2.0...
WordPress WP-DownloadManager plugin <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
Authenticated (Administrator+) Arbitrary File Deletion vulnerability discovered by Jamshed Yergashvoyev CVE Guy - Turan Security in WordPress Plugin WP-DownloadManager versions <= 1.68.10...
WordPress DeBounce Email Validator plugin <= 5.8.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin DeBounce Email Validator versions <= 5.8.0...
WordPress Raptive Ads plugin <= 3.6.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Parasimpaticki in WordPress Plugin Raptive Ads versions <= 3.6.3...
WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions < 5.7.45...
WordPress Shortcodes Ultimate plugin <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated (Administrator+) Server-Side Request Forgery vulnerability discovered by apolo2 in WordPress Plugin Shortcodes Ultimate versions <= 7.4.5...
WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes Ultimate versions <= 7.4.2...
WordPress Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto plugin <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting vulnerability
WordPress Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto plugin <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shark3y in WordPress Plugin Omnichannel for WooCommerce versions <= 1.3.65...
WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by zaim in WordPress Plugin Post Grid, Slider & Carousel Ultimate versions <= 1.6.10...
WordPress Push Notification for Post and BuddyPress plugin <= 2.07 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Push Notification for Post and BuddyPress versions <= 2.07...
WordPress Joy Of Text Lite - SMS messaging for WordPress plugin <= 2.3.1 - Settings Update via CSRF vulnerability
WordPress Joy Of Text Lite - SMS messaging for WordPress plugin <= 2.3.1 - Settings Update via CSRF vulnerability discovered by Guru Raghav Saravanan in WordPress Plugin Joy Of Text Lite versions <= 2.3.1...
WordPress Ads Pro plugin <= 4.89 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 4.89...
WordPress FunnelKit plugin <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode vulnerability discovered by zaim in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.13.1.2...
WordPress ZoomSounds plugin < 6.05 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by ganj in WordPress Plugin ZoomSounds versions < 6.05...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore vulnerability
Missing Authorization to Authenticated (Subscriber+) Trash Restore vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.1...
WordPress Simple Video Management System plugin <= 1.0.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Simple Video Management System versions <= 1.0.4...
WordPress WishSuite plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin WishSuite versions <= 1.5.1...
WordPress Divi Builder plugin <= 4.27.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Divi Builder versions <= 4.27.1...
WordPress HandL UTM Grabber / Tracker plugin < 2.8.1 - Reflected XSS via utm_source vulnerability
Reflected XSS via utm_source vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions < 2.8.1...
WordPress WP Video Lightbox plugin <= 1.9.11 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin WP Video Lightbox versions <= 1.9.11...
WordPress Search Exclude plugin <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability
Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Search Exclude versions <= 2.4.9...
WordPress WP JobHunt plugin <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability
Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions <= 7.1...